Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <edf518d05bab2fa8146e3c783427c852@mail.marples.name>
Date: Wed, 30 Jul 2014 19:32:50 +0100
From: Roy Marples <roy@...ples.name>
To: oss-security@...ts.openwall.com
Subject: CVE Request: dhcpcd DoS attack

Hi

dhcpcd-4.0.0 though to dhcpcd.6.4.2 are vulnerable to a DoS attack.

As reported by Tobias Stoeckmann:
In function get_option, the DHO_OPTIONSOVERLOADED option checks if there
are overloaded options, like bootfile or servername.  It tries to make
sure that it's called only once, BUT overwrites that information after
receiving a DHO_END.  A malicious server could set the option
DHO_OPTIONSOVERLOADED yet another time in the bootfile or servername
section, which will result in another jump -- maybe into the same area.

This has been fixed upstream here:
http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0

I would like to request a CVE for the issue.

dhcpcd-6.4.3 has been released with the above fix.

Thanks

Roy

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.