ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


CVE 2009-2957

'Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when –enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.'

ClearCenter response

Short response

This issue was resolved in a backported fix. Current up to date versions not affected.

Long response

This issue does not affect ClearOS 6.x. This issue was resolved in ClearOS 5.1 and subsequent versions. The default settings of DNSMasq does not have the TFTP feature enabled. This issue can only affect Clarkconnect 5.0 systems that were not updated or ClearOS 5.1 beta versions that were not updated. All ClearOS systems running current updates are not affected.

Resolution

Ensure that your system is up to date.

yum update
content/en_us/announcements_cve_cve-2009-2957.txt · Last modified: 2014/12/22 11:02 by dloper

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Aannouncements_cve_cve-2009-2957&1563384981