|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200507-16] dhcpcd: Denial of Service vulnerability Vulnerability Scan
Vulnerability Scan Summary dhcpcd: Denial of Service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200507-16
(dhcpcd: Denial of Service vulnerability)
infamous42md discovered that dhcpcd can be tricked to read past
the end of the supplied DHCP buffer. As a result, this might lead to a
crash of the daemon.
Impact
With a malicious DHCP server a possible hacker could cause a Denial of
Service by crashing the DHCP client.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1848
Solution:
All dhcpcd users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-1.3.22_p4-r11"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|