FreeBSD Local Security Checks : FreeBSD Ports: dnsmasq

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.64829

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Ports: dnsmasq

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: dnsmasq

CVE-2009-2957
Heap-based buffer overflow in the tftp_request function in tftp.c in
dnsmasq before 2.50, when --enable-tftp is used, might allow remote
attackers to execute arbitrary code via a long filename in a TFTP
packet, as demonstrated by a read (aka RRQ) request.
CVE-2009-2958
The tftp_request function in tftp.c in dnsmasq before 2.50, when

- -enable-tftp is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via a TFTP read
(aka RRQ) request with a malformed blksize option.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-2957
BugTraq ID: 36121
http://www.securityfocus.com/bid/36121
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10538
http://www.redhat.com/support/errata/RHSA-2009-1238.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/36563
http://www.ubuntu.com/usn/USN-827-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-2958
BugTraq ID: 36120
http://www.securityfocus.com/bid/36120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816

Copyright Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.64829
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: dnsmasq
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: dnsmasq CVE-2009-2957 Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. CVE-2009-2958 The tftp_request function in tftp.c in dnsmasq before 2.50, when - -enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2957 BugTraq ID: 36121 http://www.securityfocus.com/bid/36121 http://www.coresecurity.com/content/dnsmasq-vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10538 http://www.redhat.com/support/errata/RHSA-2009-1238.html RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://secunia.com/advisories/36563 http://www.ubuntu.com/usn/USN-827-1 Common Vulnerability Exposure (CVE) ID: CVE-2009-2958 BugTraq ID: 36120 http://www.securityfocus.com/bid/36120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816
Copyright	Copyright (C) 2009 E-Soft Inc.