Stack-based Buffer Overflow in DHCP Server Implementations by OpenBSD
CVE-2007-5365

Currently unrated

Key Information:

Vendor

Oracle
Status
Opensolaris
OpenBSD
Enterprise Linux
Ubuntu Linux
Vendor
CVE Published:
11 October 2007

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 43%

What is CVE-2007-5365?

The DHCP server implementations by OpenBSD, specifically versions 4.0 through 4.2, are susceptible to a stack-based buffer overflow within the cons_options function. Attackers can take advantage of this vulnerability by sending a specially crafted DHCP request that specifies a maximum message size smaller than the minimum IP MTU. This could allow for arbitrary code execution or result in a denial of service, causing the DHCP daemon to crash. This vulnerability underscores the importance of maintaining updated software and the need for robust security measures within network services.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-5365 - Proof of Concept

References

http://secunia.com/advisories/27338
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27350
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/3088
vdb-entryx_refsource_VUPEN

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.