| Field | Value |
|---|---|
| Summary | <net-dns/dnsmasq-2.5.0[tftp] Multiple vulnerabilities (CVE-2009-{2957,2958}) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Status | RESOLVED FIXED |
| Severity | major |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://www.coresecurity.com/content/dnsmasq-vulnerabilities |
| Whiteboard | C1 [glsa] |
| Reporter | Alex Legler (RETIRED) <a3li> |
| Assignee | Gentoo Security <security> |
| CC | amne, chutzpah |
| Runtime testing required | --- |

Description
Alex Legler (RETIRED)
2009-08-25 09:17:38 UTC
I'll attach a patch we got from upstream. Chutzpah, please prepare an ebuild that applies this patch and attach it to the bug, we can do prestabling here then. As usual, no commits to CVS before the issue is public, please.

Created attachment 202237: dnsmasq-CVE-2009-2957+2958.patch

This is now public per $URL. Adapting whiteboard.

+*dnsmasq-2.50 (31 Aug 2009) + + 31 Aug 2009; Alex Legler <a3li@gentoo.org> -dnsmasq-2.46.ebuild, + -dnsmasq-2.47.ebuild, -dnsmasq-2.49.ebuild, +dnsmasq-2.50.ebuild: + Non-maintainer commit: Version bump for security bug 282653. Removing + unneded vulnerable versions. +

Arches, please test and mark stable:
=net-dns/dnsmasq-2.50
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

x86 stable

Stable for HPPA.

alpha/arm/ia64/s390/sh/sparc stable

CVE-2009-2957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2957): Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

CVE-2009-2958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2958): The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

amd64 stable

ppc64 done

If it's any help, net-dns/dnsmasq-2.50 with USE="dhcp ipv6 nls tftp -dbus" builds fine on ppc here, dns and dhcp work fine too (don't know about tftp, haven't used it).

ppc stable. thanks amne :)

GLSA 200909-19, thanks everyone.
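Review bot: the ChangeLog entry quoted above misspells "unneeded" as "unneded" in its last sentence ("Removing + unneded vulnerable versions."); correct the spelling before this goes into the tree.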
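A bounds-checked TFTP RRQ parser covering the two input classes named in the CVE descriptions above: an over-long filename and a malformed blksize option. This is an added example, not dnsmasq's code or the upstream patch; `parse_rrq`, `struct rrq`, `str_end` and the 255-byte filename limit are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_NAME 255   /* assumed filename limit for this example */

struct rrq { char name[MAX_NAME + 1]; long blksize; };   /* hypothetical */

/* NUL that ends the string at p, or NULL if the packet ends first. */
static const unsigned char *str_end(const unsigned char *p,
                                    const unsigned char *end)
{
    return p < end ? memchr(p, 0, (size_t)(end - p)) : NULL;
}

/* Parse a TFTP read request. Returns 0 on success, -1 if malformed. */
int parse_rrq(const unsigned char *pkt, size_t len, struct rrq *out)
{
    const unsigned char *end = pkt + len, *p, *z, *v, *vz;

    if (len < 4 || pkt[0] != 0 || pkt[1] != 1)   /* opcode 1 = RRQ */
        return -1;
    p = pkt + 2;
    if (!(z = str_end(p, end)))                  /* unterminated filename */
        return -1;
    if (z == p || (size_t)(z - p) > MAX_NAME)    /* length checked before copy */
        return -1;
    memcpy(out->name, p, (size_t)(z - p) + 1);
    if (!(z = str_end(z + 1, end)))              /* transfer mode missing */
        return -1;
    out->blksize = 512;                          /* RFC 1350 default */
    for (p = z + 1; p < end; p = vz + 1) {       /* RFC 2347 name/value pairs */
        if (!(z = str_end(p, end)) || !(vz = str_end(v = z + 1, end)))
            return -1;                           /* option without a value */
        if (strcasecmp((const char *)p, "blksize") == 0) {
            char *stop;
            long n;
            errno = 0;
            n = strtol((const char *)v, &stop, 10);
            if (stop == (const char *)v || *stop || errno || n < 8 || n > 65464)
                return -1;                       /* RFC 2348 range is 8..65464 */
            out->blksize = n;
        }
    }
    return 0;
}
```

Every string is located with a search bounded by the packet length, so a request that omits a terminator or an option value is rejected instead of being read past its end or dereferenced as a missing pointer.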