CVE-2009-2957
Public Exploits 1
ExploitDB · 1 EDB-9617#CVE-2009-2957 [dos]
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2009-2957
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Thekelleys Dnsmasq TFTP服务远程堆溢出漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dnsmasq是软件开发者Simon Kelley所研发的一款使用C语言编写的开源轻量级DNS转发和DHCP、TFTP服务器。 dnsmasq在启用了TFTP服务(--enable-tftp命令行选项或在/etc/dnsmasq.conf中启用enable-tftp)的时候存在堆溢出漏洞。如果所配置的tftp-root足够长,且远程用户发送的请求中包含有超长的文件名,dnsmasq就可能崩溃或以dnsmasq服务的权限(通常为非特权的nobody用户)执行任意代码。 tftp_request对daemon
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2009-2957
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2009-2957
请登录查看更多情报信息。
- http://www.coresecurity.com/content/dnsmasq-vulnerabilitiesx_refsource_MISC
- http://www.thekelleys.org.uk/dnsmasq/CHANGELOGx_refsource_CONFIRM
- https://bugzilla.redhat.com/show_bug.cgi?id=519020x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2009-2957
Same Patch Batch · n/a · 2009-09-02 · 20 CVEs total
| CVE-2009-2968 | VMware Studio Web界面 目录遍历漏洞 | |
| CVE-2009-2958 | Thekelleys Dnsmasq TFTP服务远程空指针引用漏洞 | |
| CVE-2009-3050 | HTMLDOC html文件处理栈溢出漏洞 | |
| CVE-2009-3049 | Opera Web浏览器 地址栏欺骗漏洞 | |
| CVE-2009-3048 | opera 多平台 文件上传漏洞 | |
| CVE-2009-3047 | Opera Web浏览器 URL欺骗漏洞 | |
| CVE-2009-3046 | Opera Web浏览器 认证缺陷漏洞 | |
| CVE-2009-3045 | Opera Web浏览器多个安全漏洞 | |
| CVE-2009-3044 | Opera Web浏览器 认证绕过漏洞 | |
| CVE-2009-3043 | Linux Kernel tty_ldisc_hangup函数空指针解引用拒绝服务漏洞 | |
| CVE-2008-7153 | Docebo autoDetectRegion函数 SQL注入漏洞 | |
| CVE-2009-2700 | Digia Qt 输入验证错误漏洞 | |
| CVE-2009-0201 | OpenOffice OpenOffice.org Word文档表格解析堆缓冲区溢出漏洞 | |
| CVE-2009-0200 | OpenOffice OpenOffice.org Word文档表格解析整数溢出漏洞 | |
| CVE-2008-7158 | Numarasoftware Numara FootPrints MRchat.pl和MRABLoad2.pl输入验证漏洞 | |
| CVE-2008-7157 | EkinBoard 任意文件上传漏洞 | |
| CVE-2008-7156 | EkinBoard 权限提升漏洞 | |
| CVE-2008-7155 | Phprisk netRisk admin/change_submit.php密码信息泄露漏洞 | |
| CVE-2008-7154 | Docebo 多个信息泄露漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2009-2957
No comments yet