oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Questionable CVE's reported against dnsmasq

From: Moritz Mühlenhoff <jmm () inutil org>
Date: Mon, 27 Oct 2025 19:21:54 +0000
On Mon, Oct 27, 2025 at 09:34:03AM -0700, Alan Coopersmith wrote:

Among the new CVE's published this weekend were these from the VulDB CNA:

For all three bugs, the documented "exploit" requires "Replace the default
configuration file (/etc/dnsmasq.conf) with the provided malicious file."
and if you can replace the server's configuration file you don't need to
play games with putting invalid contents in to break the parser, but can
simply change the configuration directly.


The same nonsense also happened for the Kamailio SIP server (CVE-2025-12204,
CVE-2025-12205, CVE-2025-12206 and CVE-2025-12207).

Cheers,
        Moritz
Previous By Date Next
Previous By Thread Next

Current thread: