Date: Thu,  7 Jan 2016 11:05:02 -0500 (EST)
From: cve-assign@...re.org
To: oss-security+ml@...lde.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE id request: dhcpcd


> http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30

> dhcp_optlen now returns the length of the data we can sanely work on
> given the option definition and data length. Call dhcp_optlen in
> dhcp_envoption1 to ensure these bounds are not overstepped.
> Fixes an issue reported by Nico Golde where extra undersized data was
> present in the option. An example of this would be an array of
> uint16's with a trailing byte.

>> can lead to a heap overflow via malformed dhcp responses later in
>> print_option (via dhcp_envoption1) due to incorrect option length
>> values

Use CVE-2016-1503.


> http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403

> Ensure that option length fits inside data length less option size.
> Thanks to Nico Golde for the report.

>> can lead to an invalid read/crash via malformed dhcp responses

Use CVE-2016-1504.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
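As an added illustration of the two checks the quoted commits describe, here is a small C version of them. This is not dhcpcd's code; the function names, signatures and the sample option bytes are assumptions made for the example. The first function trims an option to whole fixed-size elements (the "array of uint16's with a trailing byte" case behind CVE-2016-1503); the second walks DHCP code/length/value options and rejects any declared length that does not fit inside the remaining data less the 2-byte option header (the check behind CVE-2016-1504).

```c
#include <stddef.h>
#include <stdint.h>

/* Usable length of an option that holds an array of fixed-size elements:
 * only complete elements count, so a uint16 array with a trailing odd
 * byte yields the length of the whole uint16s and the stray byte is
 * ignored instead of being read as half an element. (Assumed signature.) */
size_t sane_optlen(size_t opt_len, size_t elem_size)
{
    if (elem_size == 0)
        return 0;
    return opt_len - (opt_len % elem_size);
}

/* Walk DHCP options laid out as code/len/value and return how many are
 * well formed, or -1 as soon as a declared length would run past the
 * end of the buffer. Code 0 is a one-byte pad, code 255 ends the list. */
int count_valid_options(const uint8_t *data, size_t data_len)
{
    size_t i = 0;
    int n = 0;

    while (i < data_len) {
        uint8_t code = data[i];
        size_t len;

        if (code == 0) {            /* pad option: no length byte follows */
            i++;
            continue;
        }
        if (code == 255)            /* end option */
            return n;
        if (data_len - i < 2)       /* no room for the length byte itself */
            return -1;
        len = data[i + 1];
        /* option length must fit inside data length less the 2-byte header */
        if (len > data_len - i - 2)
            return -1;
        i += 2 + len;
        n++;
    }
    return n;
}
```

Constructed sample buffers: a well-formed list (message type, lease time, end) is accepted, while an option whose length byte claims more data than the buffer holds, or an option cut off before its length byte, is rejected before anything reads past the end.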
