Rapid7 Vulnerability & Exploit Database

RHSA-2009:1238: dnsmasq security update

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 09/02/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server.

Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled (the "--enable-tftp" command line option, or by enabling "enable-tftp" in "/etc/dnsmasq.conf"). If the configured tftp-root is sufficiently long, and a remote user sends a request that sends a long file name, dnsmasq could crash or, possibly, execute arbitrary code with the privileges of the dnsmasq service (usually the unprivileged "nobody" user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP service is enabled. This flaw could allow a malicious TFTP client to crash the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is "/var/ftpd", which is short enough to make it difficult to exploit the CVE-2009-2957 issue; if a longer directory name is used, arbitrary code execution may be possible. As well, the dnsmasq package distributed by Red Hat does not have TFTP support enabled by default.

All users of dnsmasq should upgrade to this updated package, which contains a backported patch to correct these issues. After installing the updated package, the dnsmasq service must be restarted for the update to take effect.
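To find hosts that meet the two conditions described above (TFTP enabled, and a tftp-root longer than the default the advisory quotes), a configuration audit like the following can be run against "/etc/dnsmasq.conf". This is an added example, not code from Red Hat or Rapid7; the function name, return codes and sample configuration are assumptions made for illustration, and it does not inspect "--enable-tftp" passed on the command line.

```shell
#!/bin/sh
# Added example (not from Red Hat or Rapid7): report whether a dnsmasq config
# enables TFTP and how long its tftp-root is, the two conditions in the advisory.

ADVISORY_DEFAULT_ROOT="/var/ftpd"   # default tftp-root quoted in the advisory

# audit_dnsmasq_tftp FILE  (hypothetical helper name)
# Prints "tftp=<state> root_len=<n>" and returns:
#   0 TFTP disabled   1 enabled, root no longer than the advisory default
#   2 enabled, root longer than the default   3 file unreadable
audit_dnsmasq_tftp() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 3
    fi
    # Strip comments and surrounding blanks so "#enable-tftp" does not count.
    active=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$conf")

    # enable-tftp may be bare or take a value (enable-tftp=<interface>).
    if ! printf '%s\n' "$active" | grep -Eq '^enable-tftp([[:space:]]*=.*)?$'; then
        echo "tftp=disabled root_len=0"
        return 0
    fi

    # Several tftp-root lines may exist; keep the longest directory.
    max=0
    roots=$(printf '%s\n' "$active" | sed -n 's/^tftp-root[[:space:]]*=[[:space:]]*//p')
    while IFS= read -r r; do
        r=${r%%,*}                      # drop an optional ",<interface>" suffix
        if [ "${#r}" -gt "$max" ]; then max=${#r}; fi
    done <<EOF
$roots
EOF
    if [ "$max" -gt "${#ADVISORY_DEFAULT_ROOT}" ]; then
        echo "tftp=enabled root_len=$max (longer than advisory default)"
        return 2
    fi
    echo "tftp=enabled root_len=$max"
    return 1
}

# Constructed sample: TFTP on, with a deliberately long tftp-root.
sample=$(mktemp)
printf '%s\n' '# dnsmasq.conf (constructed)' 'enable-tftp' \
    'tftp-root=/srv/provisioning/images/netboot/tftp' > "$sample"
audit_dnsmasq_tftp "$sample" || echo "exit status $?"
rm -f "$sample"
```

A return code of 1 or 2 only shows that the TFTP code path is reachable; whether the host is fixed depends on the updated package being installed and the service restarted.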

Solution(s)

  • redhat-upgrade-dnsmasq
