CVE-2009-2958

Publication date 2 September 2009

Last updated 24 July 2024

Ubuntu priority

The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
dnsmasq	9.04 jaunty	Fixed 2.47-3ubuntu0.1
	8.10 intrepid	Fixed 2.45-1ubuntu1.1
	8.04 LTS hardy	Fixed 2.41-2ubuntu2.2
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

Dapper does not have tftp code

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-827-1
Dnsmasq vulnerabilities
1 September 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-2958