Vulnerability Name:

CVE-2009-2958 (CCN-52974)

Assigned:2009-08-31
Published:2009-08-31
Updated:2017-09-19
Summary:The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-2958

Source: CCN
Type: RHSA-2009-1238
Important: dnsmasq security update

Source: CCN
Type: SA36394
Dnsmasq Denial of Service and Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
36563

Source: CCN
Type: CORE-2009-0820
Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

Source: MISC
Type: UNKNOWN
http://www.coresecurity.com/content/dnsmasq-vulnerabilities

Source: DEBIAN
Type: DSA-1876
dnsmasq -- buffer overflow

Source: CCN
Type: GLSA-200909-19
Dnsmasq: Multiple vulnerabilities

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1238

Source: BID
Type: UNKNOWN
36120

Source: CCN
Type: BID-36120
Dnsmasq TFTP Service Remote NULL-Pointer Dereference Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Source: CCN
Type: Dnsmasq Web page
Dnsmasq

Source: CCN
Type: USN-827-1
Dnsmasq vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-827-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=519020

Source: XF
Type: UNKNOWN
dnsmasq-tftprequest-dos(52974)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9816

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0095

Source: SUSE
Type: SUSE-SR:2009:014
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:thekelleys:dnsmasq:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.7:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.96:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.98:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.992:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:0.996:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.7:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.8:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.9:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.10:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.11:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.12:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.13:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.14:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.15:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.16:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.17:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:1.18:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.11:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.13:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.14:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.15:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.16:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.17:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.18:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.19:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.20:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.21:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.22:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.23:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.24:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.25:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.26:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.27:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.28:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.29:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.30:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.31:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.33:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.34:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.35:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.36:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.37:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.38:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.39:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* (Version <= 2.49)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.49:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20092958 | V | CVE-2009-2958 | 2015-11-16
    oval:org.mitre.oval:def:29359 | P | RHSA-2009:1238 -- dnsmasq security update (Important) | 2015-08-17
    oval:org.mitre.oval:def:22599 | P | ELSA-2009:1238: dnsmasq security update (Important) | 2014-07-21
    oval:org.mitre.oval:def:13921 | P | USN-827-1 -- dnsmasq vulnerabilities | 2014-07-07
    oval:org.mitre.oval:def:13718 | P | DSA-1876-1 dnsmasq -- buffer overflow | 2014-06-23
    oval:org.mitre.oval:def:7920 | P | DSA-1876 dnsmasq -- buffer overflow | 2014-06-23
    oval:org.mitre.oval:def:9816 | V | The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. | 2013-04-29
    oval:com.redhat.rhsa:def:20091238 | P | RHSA-2009:1238: dnsmasq security update (Important) | 2009-09-01
    oval:org.debian:def:1876 | V | buffer overflow | 2009-09-01