.png)
10 hours ago
1
oss-sec mailing list archives
From: Moritz Mühlenhoff <jmm () inutil org>
Date: Mon, 27 Oct 2025 19:21:54 +0000
On Mon, Oct 27, 2025 at 09:34:03AM -0700, Alan Coopersmith wrote: Among the new CVE's published this weekend were these from the VulDB CNA: For all three bugs, the documented "exploit" requires "Replace the default configuration file (/etc/dnsmasq.conf) with the provided malicious file." and if you can replace the server's configuration file you don't need to play games with putting invalid contents in to break the parser, but can simply change the configuration directly. The same nonsense also happened for the Kamailio SIP server (CVE-2025-12204, CVE-2025-12205, CVE-2025-12206 and CVE-2025-12207). Cheers, Moritz
Current thread:
- Questionable CVE's reported against dnsmasq Alan Coopersmith (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Jeremy Stanley (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Andrew Latham (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Sebastian Pipping (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Stuart Henderson (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Sebastian Pipping (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Andrew Latham (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Jeremy Stanley (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Jeffrey Walton (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Collin Funk (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Michael Orlitzky (Oct 27)
