Date: Wed, 30 Jul 2014 19:32:50 +0100 From: Roy Marples <roy@...ples.name> To: oss-security@...ts.openwall.com Subject: CVE Request: dhcpcd DoS attack Hi dhcpcd-4.0.0 though to dhcpcd.6.4.2 are vulnerable to a DoS attack. As reported by Tobias Stoeckmann: In function get_option, the DHO_OPTIONSOVERLOADED option checks if there are overloaded options, like bootfile or servername. It tries to make sure that it's called only once, BUT overwrites that information after receiving a DHO_END. A malicious server could set the option DHO_OPTIONSOVERLOADED yet another time in the bootfile or servername section, which will result in another jump -- maybe into the same area. This has been fixed upstream here: http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0 I would like to request a CVE for the issue. dhcpcd-6.4.3 has been released with the above fix. Thanks Roy
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ