Joined: 12 May 2004
|Posted: Fri Jul 15, 2005 8:34 pm Post subject: [ GLSA 200507-16 ] dhcpcd: Denial of Service vulnerability
|Gentoo Linux Security Advisory
Title: dhcpcd: Denial of Service vulnerability (GLSA 200507-16)
Date: July 15, 2005
A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.
dhcpcd is a standards compliant DHCP client daemon. It requests an
IP address and other information from the DHCP server, automatically
configures the network interface, and tries to renew the lease time.
Vulnerable: < 1.3.22_p4-r11
Unaffected: >= 1.3.22_p4-r11
Architectures: All supported architectures
infamous42md discovered that dhcpcd can be tricked to read past
the end of the supplied DHCP buffer. As a result, this might lead to a
crash of the daemon.
With a malicious DHCP server an attacker could cause a Denial of
Service by crashing the DHCP client.
There is no known workaround at this time.
All dhcpcd users should upgrade to the latest available version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-1.3.22_p4-r11"
Last edited by GLSA on Mon Oct 28, 2013 4:20 am; edited 3 times in total