CVE-2009-2958
Published 2009-09-02
Priority P4 · 23 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 10.38% (95.2th percentile)
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Affected
81 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.50-1 (bookworm) | dnsmasq 2.50-1 (bookworm) |
| thekelleys | dnsmasq | <= 2.49 | — |
| thekelleys | dnsmasq | — | — |
CVSS provenance
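| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |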
GHSA
GHSA-m4qp-3gf5-73rm: The tftp_request function in tftp
ghsa_unreviewed·2022-05-02
CVE-2009-2958 [MEDIUM] GHSA-m4qp-3gf5-73rm: The tftp_request function in tftp
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
OSV
CVE-2009-2958: The tftp_request function in tftp
osv·2009-09-02·CVSS 4.3
CVE-2009-2958 [MEDIUM] CVE-2009-2958: The tftp_request function in tftp
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Ubuntu
Dnsmasq vulnerabilities
vendor_ubuntu·2009-09-01·CVSS 6.8
CVE-2009-2957 [MEDIUM] Dnsmasq vulnerabilities
Title: Dnsmasq vulnerabilities
Summary: Dnsmasq vulnerabilities
Iván Arce, Pablo Hernán Jorge, Alejandro Pablo Rodriguez, Martín Coco,
Alberto Soliño Testa and Pablo Annetta discovered that Dnsmasq did not
properly validate its input when processing TFTP requests for files with
long names. A remote attacker could cause a denial of service or execute
arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by
default on Ubuntu. (CVE-2009-2957)
Steve Grubb discovered that Dnsmasq could be made to dereference a NULL
pointer when processing certain TFTP requests. A remote attacker could
cause a denial of service by sending a crafted TFTP request.
(CVE-2009-2958)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
dnsmasq: multiple vulnerabilities in TFTP server
vendor_redhat·2009-08-31·CVSS 4.3
CVE-2009-2958 [MEDIUM] dnsmasq: multiple vulnerabilities in TFTP server
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Debian
CVE-2009-2958: dnsmasq - The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp i...
vendor_debian·2009·CVSS 4.3
CVE-2009-2958 [MEDIUM] CVE-2009-2958: dnsmasq - The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp i...
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Scope: local
bookworm: resolved (fixed in 2.50-1)
bullseye: resolved (fixed in 2.50-1)
forky: resolved (fixed in 2.50-1)
sid: resolved (fixed in 2.50-1)
trixie: resolved (fixed in 2.50-1)
No detection rules found.
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
Bugzilla
CVE-2009-2957, CVE-2009-2958 dnsmasq: multiple vulnerabilities in TFTP server
bugzilla·2009-08-24·CVSS 6.8
CVE-2009-2957 [MEDIUM] CVE-2009-2957, CVE-2009-2958 dnsmasq: multiple vulnerabilities in TFTP server
Core Security Technologies discovered a heap overflow vulnerability in dnsmasq when the TFTP service is enabled ('--enable-tftp'). If the configured tftp-prefix is sufficiently long, and a remote user sent a request which sends a long file name, dnsmasq could crash or, possibly, execute arbitrary code with root privileges.
The default tftp-prefix is /var/tftpd, which is short enough to make this difficult to exploit; if a longer prefix is used then arbitrary code execution may be possible. As well, Red Hat does not have TFTP support enabled by default.
Discussion:
CORE has provided two CVE names:
CVE-2009-2957 for the heap overflow issue they found (possibly arbitrary code execution).
CVE-2009-2958 for the
http://secunia.com/advisories/36563
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.securityfocus.com/bid/36120
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.ubuntu.com/usn/USN-827-1
https://bugzilla.redhat.com/show_bug.cgi?id=519020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816
https://rhn.redhat.com/errata/RHSA-2010-0095.html