Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2007-5365
Last Modified 02 Aug 2011 12:00:00
Published 11 Oct 2007 06:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5365

Summary

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

Vulnerable Systems

Operating System

  • Debian Linux 3.1

  • Debian Linux 4.0

  • Openbsd 4.0

  • Openbsd 4.1

  • Openbsd 4.2

  • Redhat Enterprise Linux 2.1

  • Redhat Linux Advanced Workstation 2.1

  • Sun Opensolaris Snv 01

  • Sun Opensolaris Snv 02

  • Sun Opensolaris Snv 03

  • Sun Opensolaris Snv 04

  • Sun Opensolaris Snv 05

  • Sun Opensolaris Snv 06

  • Sun Opensolaris Snv 07

  • Sun Opensolaris Snv 08

  • Sun Opensolaris Snv 09

  • Sun Opensolaris Snv 10

  • Sun Opensolaris Snv 100

  • Sun Opensolaris Snv 101

  • Sun Opensolaris Snv 102

  • Sun Opensolaris Snv 11

  • Sun Opensolaris Snv 12

  • Sun Opensolaris Snv 13

  • Sun Opensolaris Snv 14

  • Sun Opensolaris Snv 15

  • Sun Opensolaris Snv 16

  • Sun Opensolaris Snv 17

  • Sun Opensolaris Snv 18

  • Sun Opensolaris Snv 19

  • Sun Opensolaris Snv 20

  • Sun Opensolaris Snv 21

  • Sun Opensolaris Snv 22

  • Sun Opensolaris Snv 23

  • Sun Opensolaris Snv 24

  • Sun Opensolaris Snv 25

  • Sun Opensolaris Snv 26

  • Sun Opensolaris Snv 27

  • Sun Opensolaris Snv 28

  • Sun Opensolaris Snv 29

  • Sun Opensolaris Snv 30

  • Sun Opensolaris Snv 31

  • Sun Opensolaris Snv 32

  • Sun Opensolaris Snv 33

  • Sun Opensolaris Snv 34

  • Sun Opensolaris Snv 35

  • Sun Opensolaris Snv 36

  • Sun Opensolaris Snv 37

  • Sun Opensolaris Snv 38

  • Sun Opensolaris Snv 39

  • Sun Opensolaris Snv 40

  • Sun Opensolaris Snv 41

  • Sun Opensolaris Snv 42

  • Sun Opensolaris Snv 43

  • Sun Opensolaris Snv 44

  • Sun Opensolaris Snv 45

  • Sun Opensolaris Snv 46

  • Sun Opensolaris Snv 47

  • Sun Opensolaris Snv 48

  • Sun Opensolaris Snv 49

  • Sun Opensolaris Snv 50

  • Sun Opensolaris Snv 51

  • Sun Opensolaris Snv 52

  • Sun Opensolaris Snv 53

  • Sun Opensolaris Snv 54

  • Sun Opensolaris Snv 55

  • Sun Opensolaris Snv 56

  • Sun Opensolaris Snv 57

  • Sun Opensolaris Snv 58

  • Sun Opensolaris Snv 59

  • Sun Opensolaris Snv 60

  • Sun Opensolaris Snv 61

  • Sun Opensolaris Snv 62

  • Sun Opensolaris Snv 63

  • Sun Opensolaris Snv 64

  • Sun Opensolaris Snv 65

  • Sun Opensolaris Snv 66

  • Sun Opensolaris Snv 67

  • Sun Opensolaris Snv 68

  • Sun Opensolaris Snv 69

  • Sun Opensolaris Snv 70

  • Sun Opensolaris Snv 71

  • Sun Opensolaris Snv 72

  • Sun Opensolaris Snv 73

  • Sun Opensolaris Snv 74

  • Sun Opensolaris Snv 75

  • Sun Opensolaris Snv 76

  • Sun Opensolaris Snv 77

  • Sun Opensolaris Snv 78

  • Sun Opensolaris Snv 79

  • Sun Opensolaris Snv 80

  • Sun Opensolaris Snv 81

  • Sun Opensolaris Snv 82

  • Sun Opensolaris Snv 83

  • Sun Opensolaris Snv 84

  • Sun Opensolaris Snv 85

  • Sun Opensolaris Snv 86

  • Sun Opensolaris Snv 87

  • Sun Opensolaris Snv 88

  • Sun Opensolaris Snv 89

  • Sun Opensolaris Snv 90

  • Sun Opensolaris Snv 91

  • Sun Opensolaris Snv 92

  • Sun Opensolaris Snv 93

  • Sun Opensolaris Snv 94

  • Sun Opensolaris Snv 95

  • Sun Opensolaris Snv 96

  • Sun Opensolaris Snv 97

  • Sun Opensolaris Snv 98

  • Sun Opensolaris Snv 99

  • Sun Solaris 10.0

  • Sun Solaris 8.0

  • Sun Solaris 9.0

  • Ubuntu Linux 6.06

  • Ubuntu Linux 6.10

  • Ubuntu Linux 7.04

  • Ubuntu Linux 7.10


References

BID - 25984

OPENBSD - [4.2] 20071008 001: SECURITY FIX: October 8, 2007

OPENBSD - [4.1] 20071008 010: SECURITY FIX: October 8, 2007

OPENBSD - [4.0] 20071008 016: SECURITY FIX: October 8, 2007

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/options.c

XF - openbsd-dhcp-bo(37045)

VUPEN - ADV-2008-3088

UBUNTU - USN-531-2

UBUNTU - USN-531-1

SECTRACK - 1018794

BID - 32213

BUGTRAQ - 20071102 DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365)

BUGTRAQ - 20071011 CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSD's DHCP server

REDHAT - RHSA-2007:0970

MILW0RM - 4601

DEBIAN - DSA-1388

MISC - http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962

SUNALERT - 243806

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1

SECTRACK - 1021157

SECUNIA - 32668

SECUNIA - 27350

SECUNIA - 27338

SECUNIA - 27273

SECUNIA - 27160

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446354


Last Updated: 27 May 2016 10:55:10