LinuxSecurity.com
Ubuntu: Dnsmasq vulnerabilities
Posted by Benjamin D. Thomas   
Iván Arce, Pablo Hernán Jorge, Alejandro Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and Pablo Annetta discovered that Dnsmasq did not properly validate its input when processing TFTP requests for files with long names. A remote attacker could cause a denial of service or execute arbitrary code with user privileges.
===========================================================
Ubuntu Security Notice USN-827-1         September 01, 2009
dnsmasq vulnerabilities
CVE-2009-2957, CVE-2009-2958
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  dnsmasq-base                    2.41-2ubuntu2.2

Ubuntu 8.10:
  dnsmasq-base                    2.45-1ubuntu1.1

Ubuntu 9.04:
  dnsmasq-base                    2.47-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.
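
To confirm that a host actually carries the fix, compare its installed dnsmasq-base version with the versions listed above using Debian version ordering, not string comparison (as strings, "2.9" sorts after "2.45"). The following is an added example, not part of the original notice: it reimplements dpkg's comparison rules in Python so it runs on any machine, and its function names are chosen for illustration.

```python
import re

# Fixed dnsmasq-base versions listed in USN-827-1, keyed by Ubuntu release.
FIXED = {"8.04": "2.41-2ubuntu2.2", "8.10": "2.45-1ubuntu1.1", "9.04": "2.47-3ubuntu0.1"}
_isdig = lambda ch: "0" <= ch <= "9"   # ASCII digits only; '' is not a digit

def _order(ch):
    """dpkg weight of a character in a non-digit run ('' means end of string)."""
    if ch == "" or _isdig(ch):
        return 0
    if ch == "~":
        return -1          # '~' sorts before everything, even end of string
    return ord(ch) if ch.isalpha() else ord(ch) + 256   # letters before punctuation

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character weights position by position.
        while (i < len(a) and not _isdig(a[i])) or (j < len(b) and not _isdig(b[j])):
            wa, wb = _order(a[i:i + 1]), _order(b[j:j + 1])
            if wa != wb:
                return -1 if wa < wb else 1
            i, j = i + 1, j + 1
        # Digit run: compare as integers, so 2.9 < 2.45.
        ma, mb = re.match(r"[0-9]*", a[i:]), re.match(r"[0-9]*", b[j:])
        na, nb = int(ma.group() or 0), int(mb.group() or 0)
        if na != nb:
            return -1 if na < nb else 1
        i, j = i + ma.end(), j + mb.end()
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; missing epoch is 0, missing revision ''."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed dnsmasq-base is at or above the USN-827-1 fix."""
    return deb_cmp(installed, FIXED[release]) >= 0
```

On the host itself, the installed version string can be read with `dpkg-query -W -f='${Version}' dnsmasq-base` and passed to `is_patched` together with the release number.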

Details follow:

Iván Arce, Pablo Hernán Jorge, Alejandro Pablo Rodriguez, Martín Coco,
Alberto Soliño Testa and Pablo Annetta discovered that Dnsmasq did not
properly validate its input when processing TFTP requests for files with
long names. A remote attacker could cause a denial of service or execute
arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by
default on Ubuntu. (CVE-2009-2957)

Steve Grubb discovered that Dnsmasq could be made to dereference a NULL
pointer when processing certain TFTP requests. A remote attacker could
cause a denial of service by sending a crafted TFTP request.
(CVE-2009-2958)





 