Lucene search
HistorySep 02, 2009 - 3:30 p.m.
CVE-2009-2958
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
6.2
Confidence
Low
EPSS
0.036
Percentile
91.6%
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Affected configurations
Node
thekelleysdnsmasqRangeβ€2.49
ORthekelleysdnsmasqMatch0.4
ORthekelleysdnsmasqMatch0.5
ORthekelleysdnsmasqMatch0.6
ORthekelleysdnsmasqMatch0.7
ORthekelleysdnsmasqMatch0.95
ORthekelleysdnsmasqMatch0.96
ORthekelleysdnsmasqMatch0.98
ORthekelleysdnsmasqMatch0.992
ORthekelleysdnsmasqMatch0.996
ORthekelleysdnsmasqMatch1.0
ORthekelleysdnsmasqMatch1.2
ORthekelleysdnsmasqMatch1.3
ORthekelleysdnsmasqMatch1.4
ORthekelleysdnsmasqMatch1.5
ORthekelleysdnsmasqMatch1.6
ORthekelleysdnsmasqMatch1.7
ORthekelleysdnsmasqMatch1.8
ORthekelleysdnsmasqMatch1.9
ORthekelleysdnsmasqMatch1.10
ORthekelleysdnsmasqMatch1.11
ORthekelleysdnsmasqMatch1.12
ORthekelleysdnsmasqMatch1.13
ORthekelleysdnsmasqMatch1.14
ORthekelleysdnsmasqMatch1.15
ORthekelleysdnsmasqMatch1.16
ORthekelleysdnsmasqMatch1.17
ORthekelleysdnsmasqMatch1.18
ORthekelleysdnsmasqMatch2.0
ORthekelleysdnsmasqMatch2.1
ORthekelleysdnsmasqMatch2.2
ORthekelleysdnsmasqMatch2.3
ORthekelleysdnsmasqMatch2.4
ORthekelleysdnsmasqMatch2.5
ORthekelleysdnsmasqMatch2.6
ORthekelleysdnsmasqMatch2.7
ORthekelleysdnsmasqMatch2.8
ORthekelleysdnsmasqMatch2.9
ORthekelleysdnsmasqMatch2.10
ORthekelleysdnsmasqMatch2.11
ORthekelleysdnsmasqMatch2.12
ORthekelleysdnsmasqMatch2.13
ORthekelleysdnsmasqMatch2.14
ORthekelleysdnsmasqMatch2.15
ORthekelleysdnsmasqMatch2.16
ORthekelleysdnsmasqMatch2.17
ORthekelleysdnsmasqMatch2.18
ORthekelleysdnsmasqMatch2.19
ORthekelleysdnsmasqMatch2.20
ORthekelleysdnsmasqMatch2.21
ORthekelleysdnsmasqMatch2.22
ORthekelleysdnsmasqMatch2.23
ORthekelleysdnsmasqMatch2.24
ORthekelleysdnsmasqMatch2.25
ORthekelleysdnsmasqMatch2.26
ORthekelleysdnsmasqMatch2.27
ORthekelleysdnsmasqMatch2.28
ORthekelleysdnsmasqMatch2.29
ORthekelleysdnsmasqMatch2.30
ORthekelleysdnsmasqMatch2.31
ORthekelleysdnsmasqMatch2.33
ORthekelleysdnsmasqMatch2.34
ORthekelleysdnsmasqMatch2.35
ORthekelleysdnsmasqMatch2.36
ORthekelleysdnsmasqMatch2.37
ORthekelleysdnsmasqMatch2.38
ORthekelleysdnsmasqMatch2.39
ORthekelleysdnsmasqMatch2.40
ORthekelleysdnsmasqMatch2.41
ORthekelleysdnsmasqMatch2.42
ORthekelleysdnsmasqMatch2.43
ORthekelleysdnsmasqMatch2.44
ORthekelleysdnsmasqMatch2.45
ORthekelleysdnsmasqMatch2.46
ORthekelleysdnsmasqMatch2.47
ORthekelleysdnsmasqMatch2.48
References
secunia.com/advisories/36563
www.coresecurity.com/content/dnsmasq-vulnerabilities
www.redhat.com/support/errata/RHSA-2009-1238.html
www.securityfocus.com/bid/36120
www.thekelleys.org.uk/dnsmasq/CHANGELOG
www.ubuntu.com/usn/USN-827-1
bugzilla.redhat.com/show_bug.cgi?id=519020
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816
rhn.redhat.com/errata/RHSA-2010-0095.html
Related
checkpoint_advisories
checkpoint_advisories
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:37:16
cve
cve
CVE-2009-2958
2009-09-02 15:30:01
prion
prion
Null pointer dereference
2009-09-02 15:30:00
ubuntucve
ubuntucve
CVE-2009-2958
2009-09-02 00:00:00
seebug
seebug
Dnsmasq TFTPζε‘θΏη¨η©ΊζιεΌη¨ζΌζ΄
2009-09-02 00:00:00
Dnsmasq < 2.50 - Heap Overflow & Null pointer Dereference Vulns
2014-07-01 00:00:00
Dnsmasq < 2.50 Heap Overflow & Null pointer Dereference Vulns
2009-09-09 00:00:00
debiancve
debiancve
CVE-2009-2958
2009-09-02 15:30:01
cvelist
cvelist
CVE-2009-2958
2009-09-02 15:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-10252 (dnsmasq)
2009-10-19 00:00:00
FreeBSD Ports: dnsmasq
2009-09-09 00:00:00
Debian Security Advisory DSA 1876-1 (dnsmasq)
2009-09-09 00:00:00
coresecurity
coresecurity
Dnsmasq Heap Overflow and NULL-pointer derreference on TFTP Server
2009-08-31 00:00:00
nessus
nessus
Fedora 10 : dnsmasq-2.46-2.fc10 (2009-10252)
2009-10-15 00:00:00
Debian DSA-1876-1 : dnsmasq - buffer overflow
2010-02-24 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : dnsmasq vulnerabilities (USN-827-1)
2009-09-02 00:00:00
centos
centos
dnsmasq security update
2009-09-01 15:10:22
freebsd
freebsd
dnsmasq -- TFTP server remote code injection vulnerability
2009-08-31 00:00:00
redhat
redhat
(RHSA-2009:1238) Important: dnsmasq security update
2009-08-31 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
securityvulns
securityvulns
CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
2009-09-10 00:00:00
dnsmasq multiple security vulnerabilities
2009-09-02 00:00:00
dnsmasq TFTP server multiple security vulnerabilities
2009-09-10 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: dnsmasq-2.46-3.fc11
2009-10-14 01:33:55
[SECURITY] Fedora 10 Update: dnsmasq-2.46-2.fc10
2009-10-14 01:59:02
ubuntu
ubuntu
Dnsmasq vulnerabilities
2009-09-01 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0820
2009-09-02 00:00:00
debian
debian
[SECURITY] [DSA 1876-1] New dnsmasq packages fix remote code execution
2009-09-01 19:41:26
altlinux
altlinux
Security fix for the ALT Linux 5 package dnsmasq version 2.46-alt1.1.M51.2
2010-03-01 00:00:00
osv
osv
dnsmasq - remote code execution
2009-09-01 00:00:00
exploitpack
exploitpack
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference
2009-09-09 00:00:00
oraclelinux
oraclelinux
dnsmasq security update
2009-08-31 00:00:00
gentoo
gentoo
Dnsmasq: Multiple vulnerabilities
2009-09-20 00:00:00
exploitdb
exploitdb
Dnsmasq < 2.50 - Heap Overflow / Null Pointer Dereference
2009-09-09 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
6.2
Confidence
Low
EPSS
0.036
Percentile
91.6%
Related for NVD:CVE-2009-2958