
Test ID: 1.3.6.1.4.1.25623.1.0.100267
Category: Buffer overflow
Title: Dnsmasq TFTP Service 2.40 - 2.49 Multiple Vulnerabilities
Summary: Dnsmasq is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Description:
Summary:
Dnsmasq is prone to a remotely exploitable
heap-overflow vulnerability because the software fails to properly bounds-check
user-supplied input before copying it into an insufficiently sized memory buffer.

Vulnerability Insight:
NOTE: The TFTP service must be enabled for this issue
to be exploitable. This is not the default.

Vulnerability Impact:
Remote attackers can exploit this issue to execute
arbitrary machine code in the context of the vulnerable software on the targeted
user's computer.

Dnsmasq is also prone to a NULL-pointer dereference vulnerability.
An attacker can exploit this issue to crash the affected application, denying
service to legitimate users.

Affected Software/OS:
Dnsmasq 2.40 through 2.49. Older versions are
probably affected too, but they were not checked.

Solution:
Update to version 2.50 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-2957
BugTraq ID: 36121
http://www.securityfocus.com/bid/36121
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10538
http://www.redhat.com/support/errata/RHSA-2009-1238.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/36563
http://www.ubuntu.com/usn/USN-827-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-2958
BugTraq ID: 36120
http://www.securityfocus.com/bid/36120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816
Copyright: Copyright (C) 2009 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.