Joined: 12 May 2004
|Posted: Fri Jul 15, 2005 8:34 pm Post subject: [ GLSA 200507-16 ] dhcpcd: Denial of Service vulnerability
|Gentoo Linux Security Advisory
Title: dhcpcd: Denial of Service vulnerability (GLSA 200507-16)
Date: July 15, 2005
A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.
dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time.
Vulnerable: < 1.3.22_p4-r11
Unaffected: >= 1.3.22_p4-r11
Architectures: All supported architectures
infamous42md discovered that dhcpcd can be tricked to read past the end of the supplied DHCP buffer. As a result, this might lead to a crash of the daemon.
With a malicious DHCP server an attacker could cause a Denial of Service by crashing the DHCP client.
There is no known workaround at this time.
All dhcpcd users should upgrade to the latest available version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-1.3.22_p4-r11"
Last edited by GLSA on Sun May 07, 2006 4:58 pm; edited 1 time in total