Candidate: CVE-2009-2957
PublicDate: 2009-09-02 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2957
 https://ubuntu.com/security/notices/USN-827-1
Description:
 Heap-based buffer overflow in the tftp_request function in tftp.c in
 dnsmasq before 2.50, when --enable-tftp is used, might allow remote
 attackers to execute arbitrary code via a long filename in a TFTP packet,
 as demonstrated by a read (aka RRQ) request.
Ubuntu-Description:
Notes:
 jdstrand> Dapper does not have tftp code
Bugs:
Priority: high
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_dnsmasq:
upstream_dnsmasq: released (2.50-1)
dapper_dnsmasq: not-affected
hardy_dnsmasq: released (2.41-2ubuntu2.2)
intrepid_dnsmasq: released (2.45-1ubuntu1.1)
jaunty_dnsmasq: released (2.47-3ubuntu0.1)
devel_dnsmasq: released (2.50-1)