Oracle Linux 5 : dnsmasq (ELSA-2009-1238)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote Oracle Linux host is missing a security update.

Description :

From Red Hat Security Advisory 2009:1238 :

An updated dnsmasq package that fixes two security issues is now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP

Core Security Technologies discovered a heap overflow flaw in dnsmasq
when the TFTP service is enabled (the '--enable-tftp' command line
option, or by enabling 'enable-tftp' in '/etc/dnsmasq.conf'). If the
configured tftp-root is sufficiently long, and a remote user sends a
request that sends a long file name, dnsmasq could crash or, possibly,
execute arbitrary code with the privileges of the dnsmasq service
(usually the unprivileged 'nobody' user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the
TFTP service is enabled. This flaw could allow a malicious TFTP client
to crash the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is '/var/ftpd', which is short enough to
make it difficult to exploit the CVE-2009-2957 issue; if a longer
directory name is used, arbitrary code execution may be possible. As
well, the dnsmasq package distributed by Red Hat does not have TFTP
support enabled by default.

All users of dnsmasq should upgrade to this updated package, which
contains a backported patch to correct these issues. After installing
the updated package, the dnsmasq service must be restarted for the
update to take effect.

See also :

Solution :

Update the affected dnsmasq package.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67918 ()

Bugtraq ID: 36120

CVE ID: CVE-2009-2957

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now