dnsmasq < 2.50 Multiple Remote TFTP Vulnerabilities

critical Nessus Plugin ID 40875

Synopsis

The remote TFTP service is affected by multiple vulnerabilities.

Description

The remote host is running dnsmasq, a DNS and TFTP server.

The version of dnsmasq installed on the remote host reports itself as lower than 2.50. Such versions include a TFTP server that is reportedly affected by a number of issues:

- A remote heap-overflow vulnerability exists because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently-sized memory buffer. (CVE-2009-2957)

- A malformed TFTP packet can crash dnsmasq with a NULL pointer dereference. (CVE-2009-2958)

Solution

Upgrade to dnsmasq 2.50 or later.

See Also

http://www.coresecurity.com/content/dnsmasq-vulnerabilities

https://seclists.org/fulldisclosure/2009/Aug/450

http://www.nessus.org/u?a0dc0215

http://www.nessus.org/u?7052e1ae

Plugin Details

Severity: Critical

ID: 40875

File Name: dnsmasq_multiple_tftp_flaws.nasl

Version: 1.14

Type: remote

Family: DNS

Published: 9/4/2009

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:thekelleys:dnsmasq

Required KB Items: Settings/ParanoidReport, dns_server/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/31/2009

Vulnerability Publication Date: 8/31/2009

Reference Information

CVE: CVE-2009-2957, CVE-2009-2958

BID: 36120, 36121

CWE: 119, 399