CVE-2009-2957
dnsmasq < 2.50 - Heap-Based Buffer Overflow via Long TFTP Filename
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2957.
AI-analyzed exploit summary: This advisory details two vulnerabilities in Dnsmasq's TFTP server: a heap overflow (CVE-2009-2957) due to improper handling of long filenames with a configured prefix, and a null-pointer dereference (CVE-2009-2958) in TFTP option parsing. The document includes technical analysis, affected versions, and proof-of-concept details for crashing the service.
Description
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.