Stack-based Buffer Overflow in DHCP Server Implementations by OpenBSD
CVE-2007-5365
Currently unrated
Key Information:
- Vendor: Oracle
- CVE Published: 11 October 2007
What is CVE-2007-5365?
The DHCP server implementations by OpenBSD, specifically versions 4.0 through 4.2, are susceptible to a stack-based buffer overflow within the cons_options function. Attackers can take advantage of this vulnerability by sending a specially crafted DHCP request that specifies a maximum message size smaller than the minimum IP MTU. This could allow for arbitrary code execution or result in a denial of service, causing the DHCP daemon to crash. This vulnerability underscores the importance of maintaining updated software and the need for robust security measures within network services.
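The following is an added example, not code from OpenBSD or from this advisory: a defensive sketch of the validation the description points to, reading the client's Maximum DHCP Message Size option (code 57 in RFC 2132, minimum legal value 576) and clamping it before it is used as a reply-size budget. The function names, the buf_size parameter and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_PAD 0
#define OPT_END 255
#define OPT_MAX_MSG_SIZE 57  /* Maximum DHCP Message Size, RFC 2132 */
#define MIN_MSG_SIZE 576     /* minimum legal value for option 57, RFC 2132 */

/* Hypothetical helper: walk the options field (the bytes after the magic
 * cookie) and return the option 57 value, or 0 if absent or malformed. */
static uint16_t requested_max_size(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= len) return 0;           /* truncated: no length byte */
        uint8_t olen = opts[i++];
        if (olen > len - i) return 0;     /* length runs past the buffer */
        if (code == OPT_MAX_MSG_SIZE)
            return (olen == 2) ? (uint16_t)((opts[i] << 8) | opts[i + 1]) : 0;
        i += olen;
    }
    return 0;
}

/* Hypothetical helper: size budget for the reply. Values below the legal
 * minimum (or a missing option) are raised to 576; values above the local
 * buffer are lowered to buf_size, so the result never exceeds the buffer. */
size_t reply_size_limit(const uint8_t *opts, size_t len, size_t buf_size)
{
    uint16_t mms = requested_max_size(opts, len);
    size_t limit = (mms < MIN_MSG_SIZE) ? MIN_MSG_SIZE : mms;
    return (limit > buf_size) ? buf_size : limit;
}

int main(void)
{
    /* Constructed sample: option 57 carrying a value below the minimum. */
    const uint8_t undersized[] = {OPT_MAX_MSG_SIZE, 2, 0x00, 0x20, OPT_END};
    printf("%zu\n", reply_size_limit(undersized, sizeof undersized, 1024));
    return 0;
}
```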