Integer Overflow Vulnerability in ISC DHCPD and VMware Products
CVE-2007-0062

Currently unrated

Key Information:

Vendor

VMware

Status
Vendor
CVE Published: 21 September 2007

What is CVE-2007-0062?

An integer overflow vulnerability exists in ISC DHCPD versions prior to 3.0.7 and 3.1.1, as well as in various VMware products. It allows remote attackers to cause a denial of service or execute arbitrary code. The vulnerability is triggered when a malformed DHCP packet contains a large dhcp-max-message-size parameter, which leads to a stack-based buffer overflow in servers configured to relay numerous DHCP options to clients.

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
