Date: Tue, 1 Dec 2015 17:51:46 -0800 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Cc: guidovranken@...il.com Subject: CVE Request: dhcpcd 3.x, potentially other versions too Hello MITRE, all. Guido Vranken reported several flaws to Ubuntu's launchpad bugtracker in the dhcpcd3 package that is shipped in Ubuntu, Debian, and potentially other distributions. https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226 Guido included a patch along with AFL-discovered inputs to trigger the issues: https://launchpadlibrarian.net/228152582/dhcp.c.patch https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226/+attachment/4520925/+files/patch-payloads-dhcpcd.c.tar.xz Roy Marples has already addressed these issues in upstream dhcpcd packages; I believe these issues may require 2012-era CVE identifiers: http://roy.marples.name/projects/dhcpcd/finfo?name=dhcp.c&ci=27a92c6a825d6e74 I believe this represents three distinct flaws: out of bounds reads beyond the end of the supplied packet, out of bounds write before the start of the 'out' parameter, and a use-after-free. I brought this issue to the distros list on Wed, 18 Nov 2015. Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ