oss-sec mailing list archives

Re: CVE Request: dhcpcd DoS attack


From: cve-assign () mitre org
Date: Mon, 1 Sep 2014 17:43:40 -0400 (EDT)

http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0

In function get_option, the DHO_OPTIONSOVERLOADED option checks if there
are overloaded options, like bootfile or servername.  It tries to make
sure that it's called only once, BUT overwrites that information after
receiving a DHO_END.  A malicious server could set the option
DHO_OPTIONSOVERLOADED yet another time in the bootfile or servername
section, which will result in another jump -- maybe into the same area.

dhcpcd-4.0.0 through to dhcpcd-6.4.2 are vulnerable.

dhcpcd-6.4.3 has been released with the above fix.

Use CVE-2014-6060. Presumably this crosses privilege boundaries. (The
type of DoS impact is not stated, and the server is implicitly allowed
to conduct some types of DoS attacks against the client -- for
example, by refusing to allocate an IP address.)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

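An options walk that a repeated overload option cannot redirect, as described in the message above. This is an added example, not dhcpcd's code or the linked fix; the struct, function names and field sizes are assumptions, and the option codes follow RFC 2132.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Option codes from RFC 2132; struct and function names are illustrative. */
enum { OPT_PAD = 0, OPT_OVERLOAD = 52, OPT_END = 255 };

struct dhcp_fields {            /* only the three areas that may carry options */
    uint8_t sname[64], file[128], options[312];
};

static int sections_walked;     /* exposed so a caller can confirm termination */

/* Walk one area and return a pointer to the value of `code`, or NULL.
 * An overload request is recorded only when `overload` is non-NULL,
 * which the caller passes for the main options area alone. */
static const uint8_t *walk(const uint8_t *p, size_t n, uint8_t code,
                           uint8_t *len, uint8_t *overload)
{
    const uint8_t *end = p + n, *hit = NULL;
    sections_walked++;
    while (p < end) {
        uint8_t o = *p++;
        if (o == OPT_PAD) continue;
        if (o == OPT_END) break;
        if (p >= end) break;                       /* truncated: no length byte */
        uint8_t l = *p++;
        if ((size_t)(end - p) < l) break;          /* length runs past the area */
        if (o == OPT_OVERLOAD && overload && l == 1)
            *overload = p[0] & 3;                  /* 1 = file, 2 = sname, 3 = both */
        else if (o == code) { hit = p; *len = l; } /* last occurrence wins */
        p += l;
    }
    return hit;
}

const uint8_t *find_option(const struct dhcp_fields *m, uint8_t code, uint8_t *len)
{
    uint8_t ov = 0;
    const uint8_t *r, *hit;
    sections_walked = 0;
    hit = walk(m->options, sizeof m->options, code, len, &ov);
    /* Each overloaded area is visited once, in fixed order, and an overload
     * option found inside it is ignored, so the walk cannot be redirected. */
    if ((ov & 1) && (r = walk(m->file, sizeof m->file, code, len, NULL))) hit = r;
    if ((ov & 2) && (r = walk(m->sname, sizeof m->sname, code, len, NULL))) hit = r;
    return hit;
}
```

The number of areas walked is bounded at three regardless of what the server places in the file or sname fields.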
