CVE-2009-2958

dnsmasq < 2.50 - Denial of Service via Malformed TFTP Blksize Option

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2958. PoCs published by Core Security.

AI-analyzed exploit summary This is a detailed advisory from Core Security Technologies describing two vulnerabilities in Dnsmasq's TFTP server: a heap overflow (CVE-2009-2957) and a null-pointer dereference (CVE-2009-2958). The advisory includes technical details, affected versions, and proof-of-concept snippets for crashing the service.

Description

The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/9617

View Code ZIP pw:eip

This is a detailed advisory from Core Security Technologies describing two vulnerabilities in Dnsmasq's TFTP server: a heap overflow (CVE-2009-2957) and a null-pointer dereference (CVE-2009-2958). The advisory includes technical details, affected versions, and proof-of-concept snippets for crashing the service.

Classification

Writeup 100%

Attack Type

Dos | Rce

Complexity

Moderate

Reliability

Theoretical

Target: Dnsmasq 2.40-2.49

No auth needed

Prerequisites: TFTP service enabled in Dnsmasq · Network access to the TFTP server

MITRE ATT&CK