FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dhcpcd -- multiple vulnerabilities

Affected packages
dhcpcd < 6.10.0

Details

VuXML ID df587aa2-b5a5-11e5-9728-002590263bf5
Discovery 2016-01-04
Entry 2016-01-08

Nico Golde reports:

Heap overflow via malformed DHCP responses later in print_option (via dhcp_envoption1) due to incorrect option length values. Exploitation is non-trivial, but I'd love to be proven wrong.

Invalid read/crash via malformed DHCP responses. Not exploitable beyond DoS as far as I can judge.
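
The first report attributes the overflow to incorrect option length values. As an added example (not part of the report and not dhcpcd's source), this is a walk over RFC 2132 code/length/data options that rejects a length running past the received bytes or past the destination buffer before anything is copied. The helper name copy_dhcp_option, its return codes and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHO_PAD 0     /* RFC 2132: single byte, no length field */
#define DHO_END 255   /* RFC 2132: single byte, no length field */

/* Copy the data of option `want` into dst as a NUL-terminated string.
 * Returns bytes copied, -1 if the options area is malformed (a header or
 * its data runs past the received bytes), -2 if the option is absent or
 * does not fit in dst. Hypothetical helper, not a dhcpcd function. */
int copy_dhcp_option(const uint8_t *opts, size_t len, uint8_t want,
                     char *dst, size_t dstlen)
{
    size_t off = 0;

    while (off < len) {
        uint8_t code = opts[off++];
        if (code == DHO_PAD)
            continue;
        if (code == DHO_END)
            break;
        if (off >= len)              /* length byte itself is missing */
            return -1;
        size_t olen = opts[off++];
        if (olen > len - off)        /* claimed length exceeds received data */
            return -1;
        if (code == want) {
            if (olen >= dstlen)      /* leave room for the terminator */
                return -2;
            memcpy(dst, opts + off, olen);
            dst[olen] = '\0';
            return (int)olen;
        }
        off += olen;
    }
    return -2;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t good_opts[] = { 53, 1, 5, 12, 4, 'h', 'o', 's', 't', 255 };
static const uint8_t bad_opts[]  = { 53, 1, 5, 12, 200, 'h', 'o', 's', 't' };
static const uint8_t cut_opts[]  = { 53, 1, 5, 12 };

int main(void)
{
    char buf[16];
    printf("good=%d\n", copy_dhcp_option(good_opts, sizeof good_opts, 12, buf, sizeof buf));
    printf("bad=%d\n", copy_dhcp_option(bad_opts, sizeof bad_opts, 12, buf, sizeof buf));
    printf("cut=%d\n", copy_dhcp_option(cut_opts, sizeof cut_opts, 12, buf, sizeof buf));
    return 0;
}
```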

References

CVE Name CVE-2016-1503
CVE Name CVE-2016-1504
FreeBSD PR ports/206015
URL http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403
URL http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
URL http://www.openwall.com/lists/oss-security/2016/01/07/3