41687 : Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Overflow
Printer | http://osvdb.org/41687 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
5	947	over 5 years ago	almost 3 years ago	8 times	25%

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Timeline

Disclosure Date
2007-10-10

Description

<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5365" target="_blank">CVE</a>)</em> : Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Disclosure: Vendor Verified

Products

Unknown or Incomplete

References

Security Tracker: 1018794 1021157
CVE ID: 2007-5365 (see also: NVD) 2008-5010 (see also: NVD)
Bugtraq ID: 25984 32213
Secunia Advisory ID: 27160 27273 27338 27350 32668
SCIP VulDB ID: 3378
ISS X-Force ID: 37045
Milw0rm: 4601
Exploit Database: 4601
OVAL ID: 5817
VUPEN Advisory: ADV-2008-3088
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-10/0165.html
http://archives.neohapsis.com/archives/bugtraq/2007-11/0060.html
http://www.securityfocus.com/archive/1/archive/1/482085/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/483230/100/100/threaded
Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446354
http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/options.c
Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00163.html
http://www.coresecurity.com/content/open-bsd-dhcp-server
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962
http://www.debian.org/security/2007/dsa-1388
http://www.openbsd.org/errata40.html
http://www.openbsd.org/errata40.html#016_dhcpd
http://www.openbsd.org/errata41.html#010_dhcpd
http://www.openbsd.org/errata42.html#001_dhcpd
http://www.ubuntu.com/usn/usn-531-1
http://www.ubuntu.com/usn/usn-531-2
Vendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243806-1
Generic Exploit URL: http://www.securiteam.com/exploits/6Z00115KAQ.html
RedHat RHSA: RHSA-2007:0970

Tools & Filters

	27515 27566

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2008-11-11 | Disagree? | There are 1 more: View All

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.