CVE-2008-3214
Published: 18 July 2008
dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.
Notes
Author | Note |
---|---|
jdstrand | 6.06 only. PoC exists and trivially exploitable openwall reference has reproducer |
Priority
Status
Package | Release | Status |
---|---|---|
dnsmasq Launchpad, Ubuntu, Debian |
dapper |
Released
(2.25-1ubuntu0.1)
|
feisty |
Not vulnerable
(2.37-1)
|
|
gutsy |
Not vulnerable
(2.39-1)
|
|
hardy |
Not vulnerable
(2.41-2ubuntu1)
|
|
upstream |
Released
(2.26)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438 |