Executive Summary
| Summary | |
|---|---|
| Title | New dnsmasq packages fix remote code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1876 | First vendor Publication | 2009-09-01 |
| Vendor | Debian | Last vendor Modification | 2009-09-01 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2957 A buffer overflow in TFTP processing may enable arbitrary code execution to attackers which are permitted to use the TFTP service. CVE-2009-2958 Malicious TFTP clients may crash dnsmasq, leading to denial of service. The old stable distribution is not affected by these problems. For the stable distribution (lenny), these problems have been fixed in version 2.45-1+lenny1. For the unstable distribution (sid), these problems have been fixed in version 2.50-1. We recommend that you upgrade your dnsmasq packages. |
Original Source
| Url : http://www.debian.org/security/2009/dsa-1876 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-399 | Resource Management Errors |
| 50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10538 | |||
| Oval ID: | oval:org.mitre.oval:def:10538 | ||
| Title: | Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. | ||
| Description: | Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2957 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13718 | |||
| Oval ID: | oval:org.mitre.oval:def:13718 | ||
| Title: | DSA-1876-1 dnsmasq -- buffer overflow | ||
| Description: | Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2957 A buffer overflow in TFTP processing may enable arbitrary code execution to attackers which are permitted to use the TFTP service. CVE-2009-2958 Malicious TFTP clients may crash dnsmasq, leading to denial of service. The old stable distribution is not affected by these problems. For the stable distribution, these problems have been fixed in version 2.45-1+lenny1. For the unstable distribution, these problems have been fixed in version 2.50-1. We recommend that you upgrade your dnsmasq packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1876-1 CVE-2009-2957 CVE-2009-2958 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | dnsmasq |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13921 | |||
| Oval ID: | oval:org.mitre.oval:def:13921 | ||
| Title: | USN-827-1 -- dnsmasq vulnerabilities | ||
| Description: | IvAin Arce, Pablo HernAin Jorge, Alejandro Pablo Rodriguez, MartA­n Coco, Alberto SoliAto Testa and Pablo Annetta discovered that Dnsmasq did not properly validate its input when processing TFTP requests for files with long names. A remote attacker could cause a denial of service or execute arbitrary code with user privileges. Dnsmasq runs as the "dnsmasq" user by default on Ubuntu. Steve Grubb discovered that Dnsmasq could be made to dereference a NULL pointer when processing certain TFTP requests. A remote attacker could cause a denial of service by sending a crafted TFTP request | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-827-1 CVE-2009-2957 CVE-2009-2958 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | dnsmasq |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22599 | |||
| Oval ID: | oval:org.mitre.oval:def:22599 | ||
| Title: | ELSA-2009:1238: dnsmasq security update (Important) | ||
| Description: | The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1238-01 CVE-2009-2957 CVE-2009-2958 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | dnsmasq |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:29359 | |||
| Oval ID: | oval:org.mitre.oval:def:29359 | ||
| Title: | RHSA-2009:1238 -- dnsmasq security update (Important) | ||
| Description: | An updated dnsmasq package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1238 CESA-2009:1238-CentOS 5 CVE-2009-2957 CVE-2009-2958 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | dnsmasq |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7920 | |||
| Oval ID: | oval:org.mitre.oval:def:7920 | ||
| Title: | DSA-1876 dnsmasq -- buffer overflow | ||
| Description: | Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow in TFTP processing may enable arbitrary code execution to attackers which are permitted to use the TFTP service. Malicious TFTP clients may crash dnsmasq, leading to denial of service. The old stable distribution is not affected by these problems. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1876 CVE-2009-2957 CVE-2009-2958 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | dnsmasq |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9816 | |||
| Oval ID: | oval:org.mitre.oval:def:9816 | ||
| Title: | The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. | ||
| Description: | The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2958 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-09-09 | Dnsmasq < 2.50 - Heap Overflow & Null pointer Dereference Vulns |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for dnsmasq CESA-2009:1238 centos5 i386 File : nvt/gb_CESA-2009_1238_dnsmasq_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnutls CESA-2009:123 centos5 i386 File : nvt/gb_CESA-2009_123_gnutls_centos5_i386.nasl |
| 2009-10-19 | Name : Fedora Core 10 FEDORA-2009-10252 (dnsmasq) File : nvt/fcore_2009_10252.nasl |
| 2009-10-19 | Name : Fedora Core 11 FEDORA-2009-10285 (dnsmasq) File : nvt/fcore_2009_10285.nasl |
| 2009-09-21 | Name : Gentoo Security Advisory GLSA 200909-19 (dnsmasq) File : nvt/glsa_200909_19.nasl |
| 2009-09-09 | Name : Debian Security Advisory DSA 1876-1 (dnsmasq) File : nvt/deb_1876_1.nasl |
| 2009-09-09 | Name : FreeBSD Ports: dnsmasq File : nvt/freebsd_dnsmasq.nasl |
| 2009-09-09 | Name : CentOS Security Advisory CESA-2009:1238 (dnsmasq) File : nvt/ovcesa2009_1238.nasl |
| 2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
| 2009-09-09 | Name : Ubuntu USN-827-1 (dnsmasq) File : nvt/ubuntu_827_1.nasl |
| 2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1238 File : nvt/RHSA_2009_1238.nasl |
| 2009-09-02 | Name : Dnsmasq TFTP Service multiple vulnerabilities File : nvt/dnsmasq_tftp.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 57593 | Dnsmasq src/ftpd.c tftp_request() Function NULL Dereference Remote DoS |
| 57592 | Dnsmasq src/tftp.c tftp_request() Function Remote Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | PUT filename overflow attempt RuleID : 2337-community - Revision : 23 - Type : PROTOCOL-TFTP |
| 2014-01-10 | PUT filename overflow attempt RuleID : 2337 - Revision : 23 - Type : PROTOCOL-TFTP |
| 2014-01-10 | GET filename overflow attempt RuleID : 1941-community - Revision : 24 - Type : PROTOCOL-TFTP |
| 2014-01-10 | GET filename overflow attempt RuleID : 1941 - Revision : 24 - Type : PROTOCOL-TFTP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0022.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1238.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090831_dnsmasq_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1876.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1238.nasl - Type : ACT_GATHER_INFO |
| 2009-10-15 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10252.nasl - Type : ACT_GATHER_INFO |
| 2009-10-15 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10285.nasl - Type : ACT_GATHER_INFO |
| 2009-09-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-19.nasl - Type : ACT_GATHER_INFO |
| 2009-09-04 | Name : The remote TFTP service is affected by multiple vulnerabilities. File : dnsmasq_multiple_tftp_flaws.nasl - Type : ACT_GATHER_INFO |
| 2009-09-03 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_80aa98e097b411deb9460030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-09-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1238.nasl - Type : ACT_GATHER_INFO |
| 2009-09-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-827-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:28:47 |
|
