OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[ GLSA 200909-19 ] Dnsmasq: Multiple vulnerabilities

From: Alex Legler (a3ligentoo.org)
Date: Sun Sep 20 2009 - 13:58:46 CDT


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200909-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Dnsmasq: Multiple vulnerabilities
      Date: September 20, 2009
      Bugs: #282653
        ID: 200909-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Dnsmasq might result in the remote
execution of arbitrary code, or a Denial of Service.

Background
==========

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
server. It includes support for Trivial FTP (TFTP).

Affected packages
=================

    -------------------------------------------------------------------
     Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
  1 net-dns/dnsmasq < 2.5.0 >= 2.5.0

Description
===========

Multiple vulnerabilities have been reported in the TFTP functionality
included in Dnsmasq:

* Pablo Jorge and Alberto Solino discovered a heap-based buffer
  overflow (CVE-2009-2957).

* An anonymous researcher reported a NULL pointer reference
  (CVE-2009-2958).

Impact
======

A remote attacker in the local network could exploit these
vulnerabilities by sending specially crafted TFTP requests to a machine
running Dnsmasq, possibly resulting in the remote execution of
arbitrary code with the privileges of the user running the daemon, or a
Denial of Service. NOTE: The TFTP server is not enabled by default.

Workaround
==========

You can disable the TFTP server either at buildtime by not enabling the
"tftp" USE flag, or at runtime. Make sure "--enable-tftp" is not set in
the DNSMASQ_OPTS variable in the /etc/conf.d/dnsmasq file and
"enable-tftp" is not set in /etc/dnsmasq.conf, either of which would
enable TFTP support if it is compiled in.

Resolution
==========

All Dnsmasq users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =net-dns/dnsmasq-2.5.0

References
==========

  [ 1 ] CVE-2009-2957
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2957
  [ 2 ] CVE-2009-2958
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2958

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200909-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
securitygentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5