First published: Mon Aug 31 2009
Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server.

Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled (the "--enable-tftp" command line option, or by enabling "enable-tftp" in "/etc/dnsmasq.conf"). If the configured tftp-root is sufficiently long, and a remote user sends a request containing a long file name, dnsmasq could crash or, possibly, execute arbitrary code with the privileges of the dnsmasq service (usually the unprivileged "nobody" user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP service is enabled. This flaw could allow a malicious TFTP client to crash the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is "/var/ftpd", which is short enough to make it difficult to exploit the CVE-2009-2957 issue; if a longer directory name is used, arbitrary code execution may be possible. As well, the dnsmasq package distributed by Red Hat does not have TFTP support enabled by default.

All users of dnsmasq should upgrade to this updated package, which contains a backported patch to correct these issues. After installing the updated package, the dnsmasq service must be restarted for the update to take effect.
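A config check for the two conditions the advisory ties to these flaws (TFTP enabled, and a tftp-root longer than the default), written as an added example that is not Red Hat's or the dnsmasq project's code. The function names, the sample config and the "longer than the default" cut-off are assumptions of this sketch; the advisory gives no exact length.

```shell
#!/bin/sh
# Added example: report TFTP exposure in one dnsmasq config file.
# Limits: does not follow conf-file=/conf-dir= includes and cannot see
# options given on the command line (--enable-tftp).

DEFAULT_ROOT="/var/ftpd"   # default tftp-root named in the advisory

# Print the value of the last uncommented "key" or "key=value" line.
# Exit status 1 if the key is absent; a bare key prints an empty line.
conf_get() {   # $1 = config file, $2 = option name
    awk -v key="$2" '
        { sub(/^[ \t]*#.*/, ""); sub(/[ \t]+#.*/, "")
          gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == key               { found = 1; val = "" }
        index($0, key "=") == 1 { found = 1; val = substr($0, length(key) + 2) }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Classify one config file. "Long" means longer than the default root
# (assumed cut-off); an unset tftp-root is treated as that default.
audit_dnsmasq_tftp() {   # $1 = config file
    if ! conf_get "$1" enable-tftp >/dev/null; then
        echo "tftp=off"
        return 0
    fi
    root=$(conf_get "$1" tftp-root) || root=$DEFAULT_ROOT
    root=${root%%,*}     # later releases accept "dir,interface"
    if [ "${#root}" -gt "${#DEFAULT_ROOT}" ]; then
        echo "tftp=on root_len=${#root} long_root=yes"
    else
        echo "tftp=on root_len=${#root} long_root=no"
    fi
}

# Constructed sample config, written to a temp file so the script runs offline.
demo() {
    tmp=$(mktemp) || return 1
    cat >"$tmp" <<'EOF'
# constructed sample, not from a real host
domain-needed
enable-tftp
tftp-root=/srv/netboot/images/pxe/rhel5/x86_64   # long directory name
EOF
    audit_dnsmasq_tftp "$tmp"
    rm -f "$tmp"
}

if [ "$#" -gt 0 ]; then audit_dnsmasq_tftp "$1"; else demo; fi
```

Any `tftp=on` result on a package older than the fixed version in the table is exposed to the CVE-2009-2958 crash; `long_root=yes` marks the configuration the advisory singles out for CVE-2009-2957.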
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/dnsmasq | <2.45-1.1.el5_3 | 2.45-1.1.el5_3 |