Signature Detail

TFTP: Dnsmasq Service Remote NULL-Pointer Dereference Vulnerability

This signature detects attempts to exploit a known vulnerability against dnsmasq. A successful attack can result in a denial-of-service condition.

Extended Description

Dnsmasq is prone to a NULL-pointer dereference vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. NOTE: The TFTP service must be enabled for this issue to be exploitable; this is not the default. Versions *prior to* Dnsmasq 2.50 are vulnerable.

Affected Products

• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• Dnsmasq 2.40
• Dnsmasq 2.41
• Dnsmasq 2.42
• Dnsmasq 2.43
• Dnsmasq 2.44
• Dnsmasq 2.45
• Dnsmasq 2.46
• Dnsmasq 2.47
• Dnsmasq 2.48
• Dnsmasq 2.49
• Gentoo Linux
• Pardus Linux 2009
• Red Hat Enterprise Linux 5 Server
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Fedora 10
• Red Hat Fedora 11
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE openSUSE 11.1
• SuSE SUSE Linux Enterprise 11
• Ubuntu Ubuntu Linux 8.04 LTS Amd64
• Ubuntu Ubuntu Linux 8.04 LTS I386
• Ubuntu Ubuntu Linux 8.04 LTS Lpia
• Ubuntu Ubuntu Linux 8.04 LTS Powerpc
• Ubuntu Ubuntu Linux 8.04 LTS Sparc
• Ubuntu Ubuntu Linux 8.10 Amd64
• Ubuntu Ubuntu Linux 8.10 I386
• Ubuntu Ubuntu Linux 8.10 Lpia
• Ubuntu Ubuntu Linux 8.10 Powerpc
• Ubuntu Ubuntu Linux 8.10 Sparc
• Ubuntu Ubuntu Linux 9.04 Amd64
• Ubuntu Ubuntu Linux 9.04 I386
• Ubuntu Ubuntu Linux 9.04 Lpia
• Ubuntu Ubuntu Linux 9.04 Powerpc
• Ubuntu Ubuntu Linux 9.04 Sparc

References

• BugTraq: 36120
• CVE: CVE-2009-2958