Bug 519020 (CVE-2009-2957, CVE-2009-2958)
Summary: | CVE-2009-2957, CVE-2009-2958 dnsmasq: multiple vulnerabilities in TFTP server | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | security-response-team, sgrubb, veillard |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-03-29 10:11:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 519021, 519022, 520512, 833889 | ||
Bug Blocks: |
Description
Vincent Danen
2009-08-24 16:09:49 UTC
CORE has provided two CVE names: CVE-2009-2957 for the heap overflow issue they found (possibly arbitrary code execution). CVE-2009-2958 for the NULL-pointer dereference Steve found (remote DoS). The disclosure date is August 31st. This is not a critical issue. dnsmasq starts up as root but by default drops privileges to run as user nobody. Because it runs non-privileged, and because of the non-default configuration requirements (i.e. enabling TFTP requires running dnsmasq without the initscript or modifying the initscript to enable it), as well as the fact that dnsmasq should realistically only ever be available to the local area network and not the internet-at-large, makes this an important impact issue. Embargo is lifted; 2.50 is available: http://www.thekelleys.org.uk/dnsmasq/ This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:1238 https://rhn.redhat.com/errata/RHSA-2009-1238.html Core Security advisory: http://www.coresecurity.com/content/dnsmasq-vulnerabilities dnsmasq-2.46-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. dnsmasq-2.46-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |