CVE-2007-5365

Currently unrated

Key Information:

Vendor: Oracle
Status: Opensolaris; OpenBSD; Enterprise Linux; Ubuntu Linux
Vendor: CVE Published:; 11 October 2007

Summary

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

References

http://secunia.com/advisories/27338

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/27350

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/3088

vdb-entryx_refsource_VUPEN

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 11, 2007
Vulnerability Reserved
Oct 10, 2007