Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-2957HistorySep 02, 2009 - 3:30 p.m.
CVE-2009-2957
2009-09-0215:30:00
Debian Security Bug Tracker
security-tracker.debian.org
8
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.269 Low
EPSS
Percentile
96.7%
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | dnsmasq | <Β 2.50-1 | dnsmasq_2.50-1_all.deb |
| Debian | 11 | all | dnsmasq | <Β 2.50-1 | dnsmasq_2.50-1_all.deb |
| Debian | 10 | all | dnsmasq | <Β 2.50-1 | dnsmasq_2.50-1_all.deb |
| Debian | 999 | all | dnsmasq | <Β 2.50-1 | dnsmasq_2.50-1_all.deb |
| Debian | 13 | all | dnsmasq | <Β 2.50-1 | dnsmasq_2.50-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2009-2957
2009-09-02 00:00:00
cve
cve
CVE-2009-2957
2009-09-02 15:30:00
checkpoint_advisories
checkpoint_advisories
Dnsmasq TFTP Service Remote Heap Buffer Overflow (CVE-2009-2957)
2010-02-09 00:00:00
seebug
seebug
Dnsmasq TFTPζε‘θΏη¨ε ζΊ’εΊζΌζ΄
2009-09-02 00:00:00
Dnsmasq < 2.50 Heap Overflow & Null pointer Dereference Vulns
2009-09-09 00:00:00
Dnsmasq < 2.50 - Heap Overflow & Null pointer Dereference Vulns
2014-07-01 00:00:00
prion
prion
Heap overflow
2009-09-02 15:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:37:16
securityvulns
securityvulns
dnsmasq TFTP server multiple security vulnerabilities
2009-09-10 00:00:00
[SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution
2009-09-02 00:00:00
nessus
nessus
FreeBSD : dnsmasq -- TFTP server remote code injection vulnerability (80aa98e0-97b4-11de-b946-0030843d3802)
2009-09-03 00:00:00
RHEL 5 : dnsmasq (RHSA-2009:1238)
2009-09-02 00:00:00
Oracle Linux 5 : dnsmasq (ELSA-2009-1238)
2013-07-12 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:1238 (dnsmasq)
2009-09-09 00:00:00
RedHat Security Advisory RHSA-2009:1238
2009-09-02 00:00:00
Gentoo Security Advisory GLSA 200909-19 (dnsmasq)
2009-09-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package dnsmasq version 2.46-alt1.1.M51.2
2010-03-01 00:00:00
debian
debian
[SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution
2009-09-01 19:41:26
osv
osv
dnsmasq - remote code execution
2009-09-01 00:00:00
exploitpack
exploitpack
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference
2009-09-09 00:00:00
oraclelinux
oraclelinux
dnsmasq security update
2009-08-31 00:00:00
gentoo
gentoo
Dnsmasq: Multiple vulnerabilities
2009-09-20 00:00:00
redhat
redhat
(RHSA-2009:1238) Important: dnsmasq security update
2009-08-31 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: dnsmasq-2.46-3.fc11
2009-10-14 01:33:55
[SECURITY] Fedora 10 Update: dnsmasq-2.46-2.fc10
2009-10-14 01:59:02
centos
centos
dnsmasq security update
2009-09-01 15:10:22
coresecurity
coresecurity
Dnsmasq Heap Overflow and NULL-pointer derreference on TFTP Server
2009-08-31 00:00:00
freebsd
freebsd
dnsmasq -- TFTP server remote code injection vulnerability
2009-08-31 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0820
2009-09-02 00:00:00
ubuntu
ubuntu
Dnsmasq vulnerabilities
2009-09-01 00:00:00
exploitdb
exploitdb
Dnsmasq < 2.50 - Heap Overflow / Null Pointer Dereference
2009-09-09 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.269 Low
EPSS
Percentile
96.7%
Related for DEBIANCVE:CVE-2009-2957