Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:1238

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.64673

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2009:1238

Summary: Redhat Security Advisory RHSA-2009:1238

Description: The remote host is missing updates announced in
advisory RHSA-2009:1238.

Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP
server.

Core Security Technologies discovered a heap overflow flaw in dnsmasq when
the TFTP service is enabled (the --enable-tftp command line option, or by
enabling enable-tftp in /etc/dnsmasq.conf). If the configured tftp-root
is sufficiently long, and a remote user sends a request that sends a long
file name, dnsmasq could crash or, possibly, execute arbitrary code with
the privileges of the dnsmasq service (usually the unprivileged nobody
user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP
service is enabled. This flaw could allow a malicious TFTP client to crash
the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is /var/ftpd, which is short enough to make
it difficult to exploit the CVE-2009-2957 issue
if a longer directory name
is used, arbitrary code execution may be possible. As well, the dnsmasq
package distributed by Red Hat does not have TFTP support enabled by
default.

All users of dnsmasq should upgrade to this updated package, which contains
a backported patch to correct these issues. After installing the updated
package, the dnsmasq service must be restarted for the update to take
effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1238.html
http://www.redhat.com/security/updates/classification/#important

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2957
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.ubuntu.com/usn/USN-827-1
BugTraq ID: 36121
http://www.securityfocus.com/bid/36121
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10538
http://secunia.com/advisories/36563
Common Vulnerability Exposure (CVE) ID: CVE-2009-2958
BugTraq ID: 36120
http://www.securityfocus.com/bid/36120
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9816

Copyright Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.64673
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:1238
Summary:	Redhat Security Advisory RHSA-2009:1238
Description:	The remote host is missing updates announced in advisory RHSA-2009:1238. Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server. Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled (the --enable-tftp command line option, or by enabling enable-tftp in /etc/dnsmasq.conf). If the configured tftp-root is sufficiently long, and a remote user sends a request that sends a long file name, dnsmasq could crash or, possibly, execute arbitrary code with the privileges of the dnsmasq service (usually the unprivileged nobody user). (CVE-2009-2957) A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP service is enabled. This flaw could allow a malicious TFTP client to crash the dnsmasq service. (CVE-2009-2958) Note: The default tftp-root is /var/ftpd, which is short enough to make it difficult to exploit the CVE-2009-2957 issue if a longer directory name is used, arbitrary code execution may be possible. As well, the dnsmasq package distributed by Red Hat does not have TFTP support enabled by default. All users of dnsmasq should upgrade to this updated package, which contains a backported patch to correct these issues. After installing the updated package, the dnsmasq service must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2009-1238.html http://www.redhat.com/security/updates/classification/#important
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2957 http://www.coresecurity.com/content/dnsmasq-vulnerabilities RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://www.redhat.com/support/errata/RHSA-2009-1238.html http://www.ubuntu.com/usn/USN-827-1 BugTraq ID: 36121 http://www.securityfocus.com/bid/36121 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10538 http://secunia.com/advisories/36563 Common Vulnerability Exposure (CVE) ID: CVE-2009-2958 BugTraq ID: 36120 http://www.securityfocus.com/bid/36120 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9816
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com