'The tftp_request function in tftp.c in dnsmasq before 2.50, when –enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.'

• Copyright MITRE Corporation

This issue was resolved in a backported fix. Current up to date versions not affected.

This issue does not affect ClearOS 6.x. This issue was resolved in ClearOS 5.x and subsequent versions. The default settings of DNSMasq does not have the TFTP feature enabled. This issue can only affect Clarkconnect 5.0 systems that were not updated or ClearOS 5.1 beta versions. All ClearOS systems running current updates are not affected.

Ensure that your system is up to date.

yum update

• MITRE.org CVE database

search?q=clearos%2C%20clearos%20content%2C%20CVE%2C%20CVE2009%2C%20xcategory%2C%20maintainer_dloper%2C%20maintainerreview_x%2C%20keywordfix&btnI=lucky