oss-sec mailing list archives

CVE Request: dhcpcd 3.x, potentially other versions too


From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 1 Dec 2015 17:51:46 -0800

Hello MITRE, all.

Guido Vranken reported several flaws to Ubuntu's launchpad bugtracker
in the dhcpcd3 package that is shipped in Ubuntu, Debian, and potentially
other distributions.

https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226

Guido included a patch along with AFL-discovered inputs to trigger the
issues:

https://launchpadlibrarian.net/228152582/dhcp.c.patch

https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226/+attachment/4520925/+files/patch-payloads-dhcpcd.c.tar.xz

Roy Marples has already addressed these issues in upstream dhcpcd
packages; I believe these issues may require 2012-era CVE identifiers:

http://roy.marples.name/projects/dhcpcd/finfo?name=dhcp.c&ci=27a92c6a825d6e74


I believe this represents three distinct flaws: out of bounds reads beyond
the end of the supplied packet, out of bounds write before the start of
the 'out' parameter, and a use-after-free.

I brought this issue to the distros list on Wed, 18 Nov 2015.

Thanks
