Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Jul 2014 19:32:50 +0100
From: Roy Marples <roy@...ples.name>
To: oss-security@...ts.openwall.com
Subject: CVE Request: dhcpcd DoS attack

Hi

dhcpcd-4.0.0 though to dhcpcd.6.4.2 are vulnerable to a DoS attack.

As reported by Tobias Stoeckmann:
In function get_option, the DHO_OPTIONSOVERLOADED option checks if there
are overloaded options, like bootfile or servername.  It tries to make
sure that it's called only once, BUT overwrites that information after
receiving a DHO_END.  A malicious server could set the option
DHO_OPTIONSOVERLOADED yet another time in the bootfile or servername
section, which will result in another jump -- maybe into the same area.

This has been fixed upstream here:
http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0

I would like to request a CVE for the issue.

dhcpcd-6.4.3 has been released with the above fix.

Thanks

Roy

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ