CVE-2009-2958: Null Pointer Dereference
First published: Mon Aug 31 2009(Updated: )
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/dnsmasq | <0:2.45-1.1.el5_3 | 0:2.45-1.1.el5_3 |
| Dnsmasq | <=2.49 | |
| Dnsmasq | =0.4 | |
| Dnsmasq | =0.5 | |
| Dnsmasq | =0.6 | |
| Dnsmasq | =0.7 | |
| Dnsmasq | =0.95 | |
| Dnsmasq | =0.96 | |
| Dnsmasq | =0.98 | |
| Dnsmasq | =0.992 | |
| Dnsmasq | =0.996 | |
| Dnsmasq | =1.0 | |
| Dnsmasq | =1.2 | |
| Dnsmasq | =1.3 | |
| Dnsmasq | =1.4 | |
| Dnsmasq | =1.5 | |
| Dnsmasq | =1.6 | |
| Dnsmasq | =1.7 | |
| Dnsmasq | =1.8 | |
| Dnsmasq | =1.9 | |
| Dnsmasq | =1.10 | |
| Dnsmasq | =1.11 | |
| Dnsmasq | =1.12 | |
| Dnsmasq | =1.13 | |
| Dnsmasq | =1.14 | |
| Dnsmasq | =1.15 | |
| Dnsmasq | =1.16 | |
| Dnsmasq | =1.17 | |
| Dnsmasq | =1.18 | |
| Dnsmasq | =2.0 | |
| Dnsmasq | =2.1 | |
| Dnsmasq | =2.2 | |
| Dnsmasq | =2.3 | |
| Dnsmasq | =2.4 | |
| Dnsmasq | =2.5 | |
| Dnsmasq | =2.6 | |
| Dnsmasq | =2.7 | |
| Dnsmasq | =2.8 | |
| Dnsmasq | =2.9 | |
| Dnsmasq | =2.10 | |
| Dnsmasq | =2.11 | |
| Dnsmasq | =2.12 | |
| Dnsmasq | =2.13 | |
| Dnsmasq | =2.14 | |
| Dnsmasq | =2.15 | |
| Dnsmasq | =2.16 | |
| Dnsmasq | =2.17 | |
| Dnsmasq | =2.18 | |
| Dnsmasq | =2.19 | |
| Dnsmasq | =2.20 | |
| Dnsmasq | =2.21 | |
| Dnsmasq | =2.22 | |
| Dnsmasq | =2.23 | |
| Dnsmasq | =2.24 | |
| Dnsmasq | =2.25 | |
| Dnsmasq | =2.26 | |
| Dnsmasq | =2.27 | |
| Dnsmasq | =2.28 | |
| Dnsmasq | =2.29 | |
| Dnsmasq | =2.30 | |
| Dnsmasq | =2.31 | |
| Dnsmasq | =2.33 | |
| Dnsmasq | =2.34 | |
| Dnsmasq | =2.35 | |
| Dnsmasq | =2.36 | |
| Dnsmasq | =2.37 | |
| Dnsmasq | =2.38 | |
| Dnsmasq | =2.39 | |
| Dnsmasq | =2.40 | |
| Dnsmasq | =2.41 | |
| Dnsmasq | =2.42 | |
| Dnsmasq | =2.43 | |
| Dnsmasq | =2.44 | |
| Dnsmasq | =2.45 | |
| Dnsmasq | =2.46 | |
| Dnsmasq | =2.47 | |
| Dnsmasq | =2.48 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=519020
- http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
- http://www.coresecurity.com/content/dnsmasq-vulnerabilities
- http://www.securityfocus.com/bid/36120
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
- http://secunia.com/advisories/36563
- http://www.redhat.com/support/errata/RHSA-2009-1238.html
- http://www.ubuntu.com/usn/USN-827-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816
- https://www.cve.org/CVERecord?id=CVE-2009-2958 https://nvd.nist.gov/vuln/detail/CVE-2009-2958
- https://access.redhat.com/errata/RHSA-2009:1238
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2958.json
Frequently Asked Questions
What is the severity of CVE-2009-2958?
CVE-2009-2958 is classified as a denial of service vulnerability due to a NULL pointer dereference in dnsmasq.
How do I fix CVE-2009-2958?
To fix CVE-2009-2958, upgrade dnsmasq to version 2.50 or later.
Which versions of dnsmasq are affected by CVE-2009-2958?
Affected versions of dnsmasq include all versions before 2.50, such as 0.4 up to 2.49.
What type of attacks can exploit CVE-2009-2958?
CVE-2009-2958 can be exploited by remote attackers sending a malformed TFTP RRQ request.
What impact does CVE-2009-2958 have on a system?
The impact of CVE-2009-2958 is a crash of the dnsmasq daemon, leading to a denial of service.
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-cve
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/thekelleys
- canonical/dnsmasq
- version/dnsmasq/0.4
- version/dnsmasq/2.11
- version/dnsmasq/2.28
- version/dnsmasq/2.39
- version/dnsmasq/0.996
- version/dnsmasq/1.8
- version/dnsmasq/2.1
- version/dnsmasq/2.25
- version/dnsmasq/2.6
- version/dnsmasq/1.2
- version/dnsmasq/1.16
- version/dnsmasq/0.98
- version/dnsmasq/2.34
- version/dnsmasq/2.7
- version/dnsmasq/1.6
- version/dnsmasq/2.23
- version/dnsmasq/2.36
- version/dnsmasq/2.41
- version/dnsmasq/0.95
- version/dnsmasq/2.22
- version/dnsmasq/1.15
- version/dnsmasq/2.46
- version/dnsmasq/0.6
- version/dnsmasq/2.9
- version/dnsmasq/1.7
- version/dnsmasq/2.14
- version/dnsmasq/1.14
- version/dnsmasq/1.12
- version/dnsmasq/1.9
- version/dnsmasq/0.992
- version/dnsmasq/2.20
- version/dnsmasq/2.13
- version/dnsmasq/2.4
- version/dnsmasq/2.44
- version/dnsmasq/1.4
- version/dnsmasq/1.3
- version/dnsmasq/2.10
- version/dnsmasq/1.10
- version/dnsmasq/0.7
- version/dnsmasq/2.3
- version/dnsmasq/2.37
- version/dnsmasq/2.43
- version/dnsmasq/2.29
- version/dnsmasq/2.40
- version/dnsmasq/2.35
- version/dnsmasq/2.17
- version/dnsmasq/2.0
- version/dnsmasq/2.19
- version/dnsmasq/2.42
- version/dnsmasq/2.24
- version/dnsmasq/1.11
- version/dnsmasq/1.17
- version/dnsmasq/2.38
- version/dnsmasq/2.16
- version/dnsmasq/2.48
- version/dnsmasq/1.0
- version/dnsmasq/2.27
- version/dnsmasq/2.33
- version/dnsmasq/1.18
- version/dnsmasq/1.5
- version/dnsmasq/1.13
- version/dnsmasq/2.45
- version/dnsmasq/2.5
- version/dnsmasq/2.47
- version/dnsmasq/0.96
- version/dnsmasq/2.30
- version/dnsmasq/2.21
- version/dnsmasq/0.5
- version/dnsmasq/2.8
- version/dnsmasq/2.26
- version/dnsmasq/2.31
- version/dnsmasq/2.2
- version/dnsmasq/2.49
- version/dnsmasq/2.15
- version/dnsmasq/2.12
- version/dnsmasq/2.18