CVE-2009-2958

Publication date 2 September 2009

Last updated 24 July 2024

Ubuntu priority

The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dnsmasq	9.04 jaunty	Fixed 2.47-3ubuntu0.1
	8.10 intrepid	Fixed 2.45-1ubuntu1.1
	8.04 LTS hardy	Fixed 2.41-2ubuntu2.2
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

Dapper does not have tftp code

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-827-1
Dnsmasq vulnerabilities
1 September 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-2958