FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dnsmasq -- TFTP server remote code injection vulnerability

Affected packages
dnsmasq < 2.50


VuXML ID 80aa98e0-97b4-11de-b946-0030843d3802
Discovery 2009-08-31
Entry 2009-09-02

Simon Kelley reports:

Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP enabled.

Fix a problem which allowed a malicious TFTP client to crash dnsmasq.


Bugtraq ID 36120
Bugtraq ID 36121
CVE Name CVE-2009-2957
CVE Name CVE-2009-2958