Vulnerability Name: CVE-2009-2957 (CCN-52973)

Assigned: 2009-08-31
Published: 2009-08-31
Updated: 2017-09-19
Summary: Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2009-2957

Source: CCN
Type: RHSA-2009-1238
Important: dnsmasq security update

Source: CCN
Type: SA36394
Dnsmasq Denial of Service and Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
36563

Source: CCN
Type: CORE-2009-0820
Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

Source: MISC
Type: Patch
http://www.coresecurity.com/content/dnsmasq-vulnerabilities

Source: DEBIAN
Type: DSA-1876
dnsmasq -- buffer overflow

Source: CCN
Type: GLSA-200909-19
Dnsmasq: Multiple vulnerabilities

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1238

Source: BID
Type: Patch
36121

Source: CCN
Type: BID-36121
Dnsmasq TFTP Service Remote Heap Buffer Overflow Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Source: CCN
Type: Dnsmasq Web page
Dnsmasq

Source: CCN
Type: USN-827-1
Dnsmasq vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-827-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=519020

Source: XF
Type: UNKNOWN
dnsmasq-tftprequest-bo(52973)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10538

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0095

Source: SUSE
Type: SUSE-SR:2009:014
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:thekelleys:dnsmasq:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.7:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.96:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.98:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.992:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.996:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.7:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.8:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.9:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.10:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.11:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.12:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.13:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.14:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.15:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.16:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.17:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.18:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.11:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.13:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.14:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.15:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.16:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.17:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.18:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.19:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.20:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.21:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.22:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.23:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.24:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.25:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.26:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.27:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.28:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.29:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.30:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.31:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.33:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.34:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.35:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.36:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.37:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.38:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.39:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* (Version <= 2.49)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.49:*:*:*:*:*:*:*
  AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20092957 | V | CVE-2009-2957 | 2015-11-16 |
| oval:org.mitre.oval:def:29359 | P | RHSA-2009:1238 -- dnsmasq security update (Important) | 2015-08-17 |
| oval:org.mitre.oval:def:22599 | P | ELSA-2009:1238: dnsmasq security update (Important) | 2014-07-21 |
| oval:org.mitre.oval:def:13921 | P | USN-827-1 -- dnsmasq vulnerabilities | 2014-07-07 |
| oval:org.mitre.oval:def:13718 | P | DSA-1876-1 dnsmasq -- buffer overflow | 2014-06-23 |
| oval:org.mitre.oval:def:7920 | P | DSA-1876 dnsmasq -- buffer overflow | 2014-06-23 |
| oval:org.mitre.oval:def:10538 | V | Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. | 2013-04-29 |
| oval:com.redhat.rhsa:def:20091238 | P | RHSA-2009:1238: dnsmasq security update (Important) | 2009-09-01 |
| oval:org.debian:def:1876 | V | buffer overflow | 2009-09-01 |