Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Dec 2015 17:51:46 -0800
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: guidovranken@...il.com
Subject: CVE Request: dhcpcd 3.x, potentially other versions too

Hello MITRE, all.

Guido Vranken reported several flaws to Ubuntu's launchpad bugtracker
in the dhcpcd3 package that is shipped in Ubuntu, Debian, and potentially
other distributions.

https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226

Guido included a patch along with AFL-discovered inputs to trigger the
issues:

https://launchpadlibrarian.net/228152582/dhcp.c.patch

https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226/+attachment/4520925/+files/patch-payloads-dhcpcd.c.tar.xz

Roy Marples has already addressed these issues in upstream dhcpcd
packages; I believe these issues may require 2012-era CVE identifiers:

http://roy.marples.name/projects/dhcpcd/finfo?name=dhcp.c&ci=27a92c6a825d6e74


I believe this represents three distinct flaws: out of bounds reads beyond
the end of the supplied packet, out of bounds write before the start of
the 'out' parameter, and a use-after-free.

I brought this issue to the distros list on Wed, 18 Nov 2015.

Thanks

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ