NVD Vulnerability Detail

CVE-2009-2958

Summary	The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Publication Date	Sept. 3, 2009, 12:30 a.m.
Registration Date	Jan. 29, 2021, 1:22 p.m.
Last Update	Sept. 19, 2017, 10:29 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:thekelleys:dnsmasq:0.4:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.5:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.6:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.7:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.95:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.96:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.98:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.992:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.996:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.0:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.2:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.3:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.4:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.5:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.6:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.7:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.8:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.9:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.10:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.11:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.12:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.13:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.14:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.15:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.16:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.17:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.18:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.0:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.1:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.2:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.3:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.4:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.5:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.6:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.7:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.8:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.9:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.10:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.11:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.12:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.13:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.14:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.15:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.16:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.17:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.18:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.19:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.20:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.21:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.22:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.23:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.24:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.25:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.26:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.27:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.28:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.29:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.30:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.31:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.33:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.34:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.35:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.36:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.37:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.38:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.39:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.40:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.41:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.42:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.43:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.44:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.45:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.46:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.47:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.48:::::::*
cpe:2.3:a:thekelleys:dnsmasq::::::::		2.49

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/36563	SECUNIA
2	http://www.coresecurity.com/content/dnsmasq-vulnerabilities	MISC
3	http://www.redhat.com/support/errata/RHSA-2009-1238.html	REDHAT
4	http://www.securityfocus.com/bid/36120	BID
5	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG	CONFIRM
6	http://www.ubuntu.com/usn/USN-827-1	UBUNTU
7	https://bugzilla.redhat.com/show_bug.cgi?id=519020	CONFIRM
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816	OVAL
9	https://rhn.redhat.com/errata/RHSA-2010-0095.html	REDHAT

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:thekelleys:dnsmasq:0.4:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.5:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.6:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.7:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.95:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.96:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.98:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.992:::::::*
cpe:2.3:a:thekelleys:dnsmasq:0.996:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.0:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.2:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.3:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.4:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.5:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.6:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.7:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.8:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.9:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.10:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.11:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.12:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.13:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.14:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.15:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.16:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.17:::::::*
cpe:2.3:a:thekelleys:dnsmasq:1.18:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.0:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.1:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.2:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.3:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.4:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.5:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.6:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.7:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.8:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.9:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.10:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.11:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.12:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.13:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.14:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.15:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.16:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.17:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.18:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.19:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.20:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.21:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.22:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.23:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.24:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.25:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.26:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.27:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.28:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.29:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.30:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.31:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.33:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.34:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.35:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.36:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.37:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.38:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.39:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.40:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.41:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.42:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.43:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.44:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.45:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.46:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.47:::::::*
cpe:2.3:a:thekelleys:dnsmasq:2.48:::::::*
cpe:2.3:a:thekelleys:dnsmasq::::::::		2.49