Integer Overflow Vulnerability in ISC DHCPD and VMware Products
CVE-2007-0062

Currently unrated

Key Information:

Vendor
Vmware
Status
Workstation
Ace
Player
Server
Vendor
CVE Published:
21 September 2007

Summary

An integer overflow vulnerability exists in ISC DHCPD versions prior to 3.0.7 and 3.1.1, as well as various VMware products, allowing remote attackers to conduct denial of service attacks or execute arbitrary code. This vulnerability occurs when a malformed DHCP packet contains a large dhcp-max-message-size parameter, leading to a stack-based buffer overflow in servers configured to relay numerous DHCP options to clients.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-S...
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/25729
vdb-entryx_refsource_BID
http://security.gentoo.org/glsa/glsa-200711-23.xml
vendor-advisoryx_refsource_GENTOO

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.