Skip to navigation

Security Advisory Important: dnsmasq security update

Advisory: RHSA-2009:1238-1
Type: Security Advisory
Severity: Important
Issued on: 2009-08-31
Last updated on: 2009-08-31
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux Long Life (v. 5.3 server)
CVEs (cve.mitre.org): CVE-2009-2957
CVE-2009-2958

Details

An updated dnsmasq package that fixes two security issues is now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP
server.

Core Security Technologies discovered a heap overflow flaw in dnsmasq when
the TFTP service is enabled (the "--enable-tftp" command line option, or by
enabling "enable-tftp" in "/etc/dnsmasq.conf"). If the configured tftp-root
is sufficiently long, and a remote user sends a request that sends a long
file name, dnsmasq could crash or, possibly, execute arbitrary code with
the privileges of the dnsmasq service (usually the unprivileged "nobody"
user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP
service is enabled. This flaw could allow a malicious TFTP client to crash
the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is "/var/ftpd", which is short enough to make
it difficult to exploit the CVE-2009-2957 issue; if a longer directory name
is used, arbitrary code execution may be possible. As well, the dnsmasq
package distributed by Red Hat does not have TFTP support enabled by
default.

All users of dnsmasq should upgrade to this updated package, which contains
a backported patch to correct these issues. After installing the updated
package, the dnsmasq service must be restarted for the update to take
effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
dnsmasq-2.45-1.1.el5_3.src.rpm     MD5: 6ee54c80fad8cff45f51aed2e0869c2a
SHA-256: d5ee8b66720c40cb1e556145eb8fcaee0adbd0d72d8f66bbb84d5bb6a2c5d117
 
IA-32:
dnsmasq-2.45-1.1.el5_3.i386.rpm     MD5: 0074b6c02921d573e416f7d0f03182b3
 
IA-64:
dnsmasq-2.45-1.1.el5_3.ia64.rpm     MD5: f63b8930b3b3af4138d80cbae7dd1407
 
PPC:
dnsmasq-2.45-1.1.el5_3.ppc.rpm     MD5: c58837805be2cf98f43bc32e9f2c3ff9
 
s390x:
dnsmasq-2.45-1.1.el5_3.s390x.rpm     MD5: f69204df9efe6dcf17c9fe5edd4898c4
 
x86_64:
dnsmasq-2.45-1.1.el5_3.x86_64.rpm     MD5: 85078b9aa289efa8c5c8464d1c7a6289
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
dnsmasq-2.45-1.1.el5_3.src.rpm     MD5: 6ee54c80fad8cff45f51aed2e0869c2a
SHA-256: d5ee8b66720c40cb1e556145eb8fcaee0adbd0d72d8f66bbb84d5bb6a2c5d117
 
IA-32:
dnsmasq-2.45-1.1.el5_3.i386.rpm     MD5: 0074b6c02921d573e416f7d0f03182b3
 
x86_64:
dnsmasq-2.45-1.1.el5_3.x86_64.rpm     MD5: 85078b9aa289efa8c5c8464d1c7a6289
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
dnsmasq-2.45-1.1.el5_3.src.rpm     MD5: 6ee54c80fad8cff45f51aed2e0869c2a
SHA-256: d5ee8b66720c40cb1e556145eb8fcaee0adbd0d72d8f66bbb84d5bb6a2c5d117
 
IA-32:
dnsmasq-2.45-1.1.el5_3.i386.rpm     MD5: 0074b6c02921d573e416f7d0f03182b3
 
IA-64:
dnsmasq-2.45-1.1.el5_3.ia64.rpm     MD5: f63b8930b3b3af4138d80cbae7dd1407
 
PPC:
dnsmasq-2.45-1.1.el5_3.ppc.rpm     MD5: c58837805be2cf98f43bc32e9f2c3ff9
 
s390x:
dnsmasq-2.45-1.1.el5_3.s390x.rpm     MD5: f69204df9efe6dcf17c9fe5edd4898c4
 
x86_64:
dnsmasq-2.45-1.1.el5_3.x86_64.rpm     MD5: 85078b9aa289efa8c5c8464d1c7a6289
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)

SRPMS:
dnsmasq-2.45-1.1.el5_3.src.rpm     MD5: 6ee54c80fad8cff45f51aed2e0869c2a
SHA-256: d5ee8b66720c40cb1e556145eb8fcaee0adbd0d72d8f66bbb84d5bb6a2c5d117
 
IA-32:
dnsmasq-2.45-1.1.el5_3.i386.rpm     MD5: 0074b6c02921d573e416f7d0f03182b3
 
IA-64:
dnsmasq-2.45-1.1.el5_3.ia64.rpm     MD5: f63b8930b3b3af4138d80cbae7dd1407
 
x86_64:
dnsmasq-2.45-1.1.el5_3.x86_64.rpm     MD5: 85078b9aa289efa8c5c8464d1c7a6289
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

519020 - CVE-2009-2957, CVE-2009-2958 dnsmasq: multiple vulnerabilities in TFTP server


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/