Vulnerability CVE-2016-1504


Published: 2017-02-07

Description:
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.

Vendor: Dhcpcd project
Product: Dhcpcd 
Version: 6.9.4;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403
http://roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200
http://www.openwall.com/lists/oss-security/2016/01/07/3
http://www.openwall.com/lists/oss-security/2016/01/07/4
http://www.securitytracker.com/id/1034601
https://security.gentoo.org/glsa/201606-07

Related CVE
CVE-2019-11766
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
CVE-2019-11579
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
CVE-2019-11578
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
CVE-2019-11577
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
CVE-2016-1503
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of s...
CVE-2012-6699
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
CVE-2012-6700
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
CVE-2012-6698
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

Copyright 2019, cxsecurity.com

 

Back to Top