Computer Security
[EN] securityvulns.ru no-pyccku


dnsmasq multiple security vulnerabilities
Published:02.09.2009
Source:
SecurityVulns ID:10194
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities on TFTP processing.
Affected:DNSMASQ : dnsmasq 2.45
CVE:CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.)
 CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution (02.09.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod