Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2957

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-2957
Last Modified 22 Jan 2013 11:19:10
Published 02 Sep 2009 11:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2957

Summary

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

Vulnerable Systems

Application

  • Thekelleys Dnsmasq 0.4

  • Thekelleys Dnsmasq 0.5

  • Thekelleys Dnsmasq 0.6

  • Thekelleys Dnsmasq 0.7

  • Thekelleys Dnsmasq 0.95

  • Thekelleys Dnsmasq 0.96

  • Thekelleys Dnsmasq 0.98

  • Thekelleys Dnsmasq 0.992

  • Thekelleys Dnsmasq 0.996

  • Thekelleys Dnsmasq 1.0

  • Thekelleys Dnsmasq 1.10

  • Thekelleys Dnsmasq 1.11

  • Thekelleys Dnsmasq 1.12

  • Thekelleys Dnsmasq 1.13

  • Thekelleys Dnsmasq 1.14

  • Thekelleys Dnsmasq 1.15

  • Thekelleys Dnsmasq 1.16

  • Thekelleys Dnsmasq 1.17

  • Thekelleys Dnsmasq 1.18

  • Thekelleys Dnsmasq 1.2

  • Thekelleys Dnsmasq 1.3

  • Thekelleys Dnsmasq 1.4

  • Thekelleys Dnsmasq 1.5

  • Thekelleys Dnsmasq 1.6

  • Thekelleys Dnsmasq 1.7

  • Thekelleys Dnsmasq 1.8

  • Thekelleys Dnsmasq 1.9

  • Thekelleys Dnsmasq 2.0

  • Thekelleys Dnsmasq 2.1

  • Thekelleys Dnsmasq 2.10

  • Thekelleys Dnsmasq 2.11

  • Thekelleys Dnsmasq 2.12

  • Thekelleys Dnsmasq 2.13

  • Thekelleys Dnsmasq 2.14

  • Thekelleys Dnsmasq 2.15

  • Thekelleys Dnsmasq 2.16

  • Thekelleys Dnsmasq 2.17

  • Thekelleys Dnsmasq 2.18

  • Thekelleys Dnsmasq 2.19

  • Thekelleys Dnsmasq 2.2

  • Thekelleys Dnsmasq 2.20

  • Thekelleys Dnsmasq 2.21

  • Thekelleys Dnsmasq 2.22

  • Thekelleys Dnsmasq 2.23

  • Thekelleys Dnsmasq 2.24

  • Thekelleys Dnsmasq 2.25

  • Thekelleys Dnsmasq 2.26

  • Thekelleys Dnsmasq 2.27

  • Thekelleys Dnsmasq 2.28

  • Thekelleys Dnsmasq 2.29

  • Thekelleys Dnsmasq 2.3

  • Thekelleys Dnsmasq 2.30

  • Thekelleys Dnsmasq 2.31

  • Thekelleys Dnsmasq 2.33

  • Thekelleys Dnsmasq 2.34

  • Thekelleys Dnsmasq 2.35

  • Thekelleys Dnsmasq 2.36

  • Thekelleys Dnsmasq 2.37

  • Thekelleys Dnsmasq 2.38

  • Thekelleys Dnsmasq 2.39

  • Thekelleys Dnsmasq 2.4

  • Thekelleys Dnsmasq 2.40

  • Thekelleys Dnsmasq 2.41

  • Thekelleys Dnsmasq 2.42

  • Thekelleys Dnsmasq 2.43

  • Thekelleys Dnsmasq 2.44

  • Thekelleys Dnsmasq 2.45

  • Thekelleys Dnsmasq 2.46

  • Thekelleys Dnsmasq 2.47

  • Thekelleys Dnsmasq 2.48

  • Thekelleys Dnsmasq 2.49

  • Thekelleys Dnsmasq 2.5

  • Thekelleys Dnsmasq 2.6

  • Thekelleys Dnsmasq 2.7

  • Thekelleys Dnsmasq 2.8

  • Thekelleys Dnsmasq 2.9


References

BID - 36121

MISC - http://www.coresecurity.com/content/dnsmasq-vulnerabilities

REDHAT - RHSA-2010:0095

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=519020

CONFIRM - http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

UBUNTU - USN-827-1

REDHAT - RHSA-2009:1238

SECUNIA - 36563


Last Updated: 27 May 2016 11:01:42