[ASA-201803-3] dhclient: denial of service
Santiago Torres-Arias
santiago at archlinux.org
Tue Mar 6 15:28:25 UTC 2018
Arch Linux Security Advisory ASA-201803-3
=========================================
Severity: High
Date : 2018-03-05
CVE-ID : CVE-2018-5732
Package : dhclient
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-648
Summary
=======
The package dhclient before version 4.4.1-1 is vulnerable to denial of
service.
Resolution
==========
Upgrade to 4.4.1-1.
# pacman -Syu "dhclient>=4.4.1-1"
The problem has been fixed upstream in version 4.4.1.
Workaround
==========
None.
Description
===========
An out-of-bound memory access flaw was found in the way dhclient
processed a DHCP response packet. A malicious DHCP server could
potentially use this flaw to crash dhclient processes running on DHCP
client machines via a crafted DHCP response packet.
Impact
======
A remote attacker is able to crash the dhclient processes via a crafted
DHCP response packet.
References
==========
https://kb.isc.org/article/AA-01565
https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=c5931725b48b121d232df4ba9e45bc41e0ba114d
https://bugs.isc.org/Public/Bug/Display.html?id=47139
https://security.archlinux.org/CVE-2018-5732
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180306/e48745e6/attachment.asc>
More information about the arch-security
mailing list