Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Dec 2015 17:51:46 -0800
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: guidovranken@...il.com
Subject: CVE Request: dhcpcd 3.x, potentially other versions too

Hello MITRE, all.

Guido Vranken reported several flaws to Ubuntu's launchpad bugtracker
in the dhcpcd3 package that is shipped in Ubuntu, Debian, and potentially
other distributions.

https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226

Guido included a patch along with AFL-discovered inputs to trigger the
issues:

https://launchpadlibrarian.net/228152582/dhcp.c.patch

https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226/+attachment/4520925/+files/patch-payloads-dhcpcd.c.tar.xz

Roy Marples has already addressed these issues in upstream dhcpcd
packages; I believe these issues may require 2012-era CVE identifiers:

http://roy.marples.name/projects/dhcpcd/finfo?name=dhcp.c&ci=27a92c6a825d6e74


I believe this represents three distinct flaws: out of bounds reads beyond
the end of the supplied packet, out of bounds write before the start of
the 'out' parameter, and a use-after-free.

I brought this issue to the distros list on Wed, 18 Nov 2015.

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.