oss-sec mailing list archives
CVE Request: dhcpcd DoS attack
From: Roy Marples <roy () marples name>
Date: Wed, 30 Jul 2014 19:32:50 +0100
Hi

dhcpcd-4.0.0 through to dhcpcd.6.4.2 are vulnerable to a DoS attack.

As reported by Tobias Stoeckmann:

In function get_option, the DHO_OPTIONSOVERLOADED option checks if there are overloaded options, like bootfile or servername. It tries to make sure that it's called only once, BUT overwrites that information after receiving a DHO_END. A malicious server could set the option DHO_OPTIONSOVERLOADED yet another time in the bootfile or servername section, which will result in another jump -- maybe into the same area.

This has been fixed upstream here:
http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0

I would like to request a CVE for the issue.
dhcpcd-6.4.3 has been released with the above fix.

Thanks

Roy
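An added example, not part of the original message and not dhcpcd's code: a minimal option lookup that cannot re-enter an overloaded area, because option 52 is honoured only in the main options field and the file and sname areas are each scanned at most once. The names `scan_area` and `find_option` are hypothetical, the sample buffers are constructed, and the last occurrence of an option wins here as a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_PAD = 0, OPT_OVERLOAD = 52, OPT_END = 255 }; /* RFC 2132 codes */

/* Scan one area for option `want`; returns a pointer to its value or NULL.
 * Option 52 is recorded only when `overload` is non-NULL. */
static const uint8_t *scan_area(const uint8_t *p, size_t len, uint8_t want,
                                size_t *out_len, uint8_t *overload)
{
    const uint8_t *found = NULL;
    size_t i = 0;
    while (i < len) {
        uint8_t code = p[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= len) break;            /* truncated: no length byte */
        size_t l = p[i++];
        if (l > len - i) break;         /* value would run past the area */
        if (code == OPT_OVERLOAD && overload != NULL && l == 1)
            *overload = p[i] & 3;       /* 1 = file, 2 = sname, 3 = both */
        if (code == want) { found = p + i; *out_len = l; }
        i += l;
    }
    return found;
}

/* Total work is bounded by opts_len + file_len + sname_len. */
const uint8_t *find_option(const uint8_t *opts, size_t opts_len,
                           const uint8_t *file, size_t file_len,
                           const uint8_t *sname, size_t sname_len,
                           uint8_t want, size_t *out_len)
{
    uint8_t overload = 0;
    const uint8_t *t, *v = scan_area(opts, opts_len, want, out_len, &overload);
    /* Passing NULL means option 52 inside file/sname is skipped, never followed. */
    if ((overload & 1) && (t = scan_area(file, file_len, want, out_len, NULL)))
        v = t;
    if ((overload & 2) && (t = scan_area(sname, sname_len, want, out_len, NULL)))
        v = t;
    return v;
}

int main(void)
{   /* Constructed input: file area repeats option 52, then carries option 12. */
    const uint8_t opts[] = {52, 1, 1, 255}, file[] = {52, 1, 3, 12, 2, 'h', 'i', 255};
    size_t n = 0;
    const uint8_t *v = find_option(opts, sizeof opts, file, sizeof file, NULL, 0, 12, &n);
    printf("found=%d len=%zu\n", v != NULL, n);
    return 0;
}
```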
Current thread:
- CVE Request: dhcpcd DoS attack Roy Marples (Jul 30)
- Re: CVE Request: dhcpcd DoS attack Kristian Fiskerstrand (Sep 01)
- Re: CVE Request: dhcpcd DoS attack Florian Weimer (Sep 01)
- Re: CVE Request: dhcpcd DoS attack cve-assign (Sep 01)
- Re: CVE Request: dhcpcd DoS attack Kristian Fiskerstrand (Sep 01)