Launchpad.net

CVE 2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.openbsd.org...
OPENBSD: [4.0] 20071008 016: SE...
OPENBSD: [4.1] 20071008 010: SE...
OPENBSD: [4.2] 20071008 001: SE...
BID: 25984
SECUNIA: 27160
SECTRACK: 1018794
CONFIRM: http://bugs.debian.org...
DEBIAN: DSA-1388
SECUNIA: 27273
REDHAT: RHSA-2007:0970
UBUNTU: USN-531-1
SECUNIA: 27350
UBUNTU: USN-531-2
SECUNIA: 27338
CONFIRM: http://sunsolve.sun.co...
SUNALERT: 243806
BID: 32213
SECTRACK: 1021157
SECUNIA: 32668
VUPEN: ADV-2008-3088
MISC: http://www.coresecurit...
XF: openbsd-dhcp-bo(37045)
EXPLOIT-DB: 4601
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20071011 CORE-2007-092...
BUGTRAQ: 20071102 DoS Exploit f...

Launchpad.net

CVE 2007-5365

Related bugs

References