On Mon, Oct 27, 2025 at 09:34:03AM -0700, Alan Coopersmith wrote:
> Among the new CVEs published this weekend were these from the VulDB CNA:
>
> For all three bugs, the documented "exploit" requires "Replace the default
> configuration file (/etc/dnsmasq.conf) with the provided malicious file."
> and if you can replace the server's configuration file you don't need to
> play games with putting invalid contents in to break the parser, but can
> simply change the configuration directly.

The same nonsense also happened for the Kamailio SIP server (CVE-2025-12204,
CVE-2025-12205, CVE-2025-12206 and CVE-2025-12207).

Cheers,
Moritz