This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote OracleVM host is missing a security update.
The remote OracleVM system is missing necessary patches to address
critical security updates :
CVE-2009-2957 Heap-based buffer overflow in the tftp_request function
in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might
allow remote attackers to execute arbitrary code via a long filename
in a TFTP packet, as demonstrated by a read (aka RRQ) request.
CVE-2009-2958 The tftp_request function in tftp.c in dnsmasq before
--enable-tftp is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via a TFTP read
(aka RRQ) request with a malformed blksize option.
- problems with strings when enabling tftp (CVE-2009-2957,
- Resolves: rhbg#519021
- update to new upstream version
- fixes for CVE-2008-1447/CERT VU#800113
- Resolves: rhbz#454869
Update the affected dnsmasq package.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 6.5
Public Exploit Available : true