FreeBSD : dnsmasq -- data exposure and denial of service (37569eb7-0125-11e5-9d98-080027ef73ec)
Medium Nessus Plugin ID 83793
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionNick Sampanis reported a potential memory exposure and denial of service vulnerability against dnsmasq 2.72. The CVE entry summarizes this as :
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.'
SolutionUpdate the affected packages.