Date: Tue, 1 Jul 2008 17:57:53 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com, Jamie Strandboge <jamie@...onical.com> Subject: Re: CVE request for dnsmasq DoS On Mon, 30 Jun 2008, Jamie Strandboge wrote: > Hi, > > There is a remote DoS in dnsmasq 2.25 (and presumably earlier) that is > fixed in 2.26. Details can be found at . Can we get a CVE assigned > for this? I'm not sure I fully understand Thierry Carrez' comment about the security implications of this issue. It seems like an exploit would require a malicious DHCP server, in which case isn't DHCP service already compromised? If so, then a crash of dnsmasq (null dereference?) doesn't seem to be any worse than the loss of DHCP itself. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ