PublicDate: 2008-07-18 16:41:00 UTC
Candidate: CVE-2008-3214
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3214
 http://www.openwall.com/lists/oss-security/2008/07/08/8
Description:
 dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon
 crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for
 an IP address that is not in the same network, related to the DHCP NAK
 response from the daemon.
Ubuntu-Description:
Notes:
 jdstrand> 6.06 only. PoC exists and trivially exploitable
 jdstrand> openwall reference has reproducer
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_dnsmasq:
 debdiff: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438
upstream_dnsmasq: released (2.26)
dapper_dnsmasq: released (2.25-1ubuntu0.1)
feisty_dnsmasq: not-affected (2.37-1)
gutsy_dnsmasq: not-affected (2.39-1)
hardy_dnsmasq: not-affected (2.41-2ubuntu1)
devel_dnsmasq: not-affected (2.45-1ubuntu1)