Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

SciLinux: CVE-2009-2957 Important dnsmasq TFTP Security Advisory

Scientific Large Esm H446
Important: dnsmasq security update
Date: Tue, 1 Sep 2009 10:58:17 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: dnsmasq on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Important: dnsmasq security update
Issue date:	2009-08-31
CVE Names:	CVE-2009-2957 CVE-2009-2958

CVE-2009-2957, CVE-2009-2958 dnsmasq: multiple vulnerabilities in TFTP
server

Core Security Technologies discovered a heap overflow flaw in dnsmasq
when the TFTP service is enabled (the "--enable-tftp" command line
option, or by enabling "enable-tftp" in "/etc/dnsmasq.conf"). If the
configured tftp-root is sufficiently long, and a remote user sends a
request that sends a long file name, dnsmasq could crash or, possibly,
execute arbitrary code with the privileges of the dnsmasq service
(usually the unprivileged "nobody" user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP
service is enabled. This flaw could allow a malicious TFTP client to
crash the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is "/var/ftpd", which is short enough to
make it difficult to exploit the CVE-2009-2957 issue; if a longer
directory name is used, arbitrary code execution may be possible. As
well, the dnsmasq package distributed by Red Hat does not have TFTP
support enabled by default.

After installing the updated package, the dnsmasq service must be
restarted for the update to take effect.

SL 5.x

 SRPMS:
dnsmasq-2.45-1.1.el5_3.src.rpm
 i386:
dnsmasq-2.45-1.1.el5_3.i386.rpm
 x86_64:
dnsmasq-2.45-1.1.el5_3.x86_64.rpm

-Connie Sieh
-Troy Dawson