Bug 98394 - net-misc/dhcpcd Possible DoS issue
Summary: net-misc/dhcpcd Possible DoS issue
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Reported: 2005-07-08 14:02 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-08-15 21:48 UTC (History)
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-08 14:02:12 UTC
From Debian ChangeLog:

   * Fix a security hole. A malformed DHCP packet could crash dhcpcd
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2005-07-09 07:31:07 UTC
base-system, pls verify/advise
Comment 2 SpanKY gentoo-dev 2005-07-09 15:15:23 UTC
Roy: could you take care of this for us please?
Comment 3 Roy Marples (RETIRED) gentoo-dev 2005-07-10 03:11:52 UTC
Merged in the patch by Simon Kelly, the Debian dhcpcd maintainer.

Punted old ebuilds. r5 becomes r11, r10 becomes r12 - both have fix
r5 remains in the tree as it's marked stable - all others have been punted.
Comment 4 Roy Marples (RETIRED) gentoo-dev 2005-07-10 03:30:17 UTC
r11 has been marked stable for x86 and amd64
Comment 5 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-10 03:32:06 UTC
Calling arches. Please test and mark 1.3.22_p4-r11 stable. Thanks in advance.
(x86 and amd64 already stable)
Comment 6 René Nussbaumer (RETIRED) gentoo-dev 2005-07-10 07:16:46 UTC
Stable on hppa
Comment 7 Jason Wever (RETIRED) gentoo-dev 2005-07-10 08:21:14 UTC
Stable on SPARC.
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2005-07-10 13:29:10 UTC
marked ppc stable
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2005-07-11 05:25:58 UTC
--------------------------------------------------------------------------
Debian Security Advisory DSA 750-1                          Martin Schulze
July 11th, 2005
--------------------------------------------------------------------------

Package        : dhcpcd
Vulnerability  : out-of-bound memory access
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-1848

"infamous42md" discovered that dhcpcd, a DHCP client for automatically
configuring IPv4 networking, can be tricked into reading past the end
of the supplied DHCP buffer which could lead to the daemon crashing.
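
Added example, not part of the advisory, this bug thread or dhcpcd's code: the advisory's "reading past the end of the supplied DHCP buffer" is the class of bug that a length-checked parser prevents. The sketch assumes the standard RFC 2132 option layout (code, length, value); the function names and the sample byte arrays are constructed for illustration, and it does not reproduce the actual dhcpcd patch, which this page does not show.

```c
#include <stddef.h>
#include <stdint.h>

#define DHO_PAD 0    /* single-byte padding option, no length field */
#define DHO_END 255  /* single-byte end-of-options marker */

/* Walk a DHCP options area and return a pointer to the value of option
 * `want`, storing its length in *out_len. Returns NULL if the option is
 * absent or the area is malformed. Every read is checked against `len`,
 * the number of bytes actually received, never against packet contents. */
const uint8_t *dhcp_find_option(const uint8_t *opts, size_t len,
                                uint8_t want, uint8_t *out_len)
{
    size_t i = 0;

    while (i < len) {
        uint8_t code = opts[i++];
        if (code == DHO_PAD)
            continue;
        if (code == DHO_END)
            return NULL;          /* end marker reached, option not present */
        if (i >= len)
            return NULL;          /* truncated: no room for the length byte */
        uint8_t olen = opts[i++];
        if (olen > len - i)
            return NULL;          /* claimed length runs past the buffer */
        if (code == want) {
            *out_len = olen;
            return &opts[i];
        }
        i += olen;                /* safe: olen <= len - i was just checked */
    }
    return NULL;                  /* data ended without an END option */
}

/* Convenience wrapper: length of option `want`, or -1 if absent/malformed. */
int dhcp_option_len(const uint8_t *opts, size_t len, uint8_t want)
{
    uint8_t n = 0;
    return dhcp_find_option(opts, len, want, &n) ? (int)n : -1;
}

/* Constructed samples: well-formed; option 1 claiming 200 bytes with 2 left;
 * option 1 cut off before its length byte. */
const uint8_t sample_ok[]        = {53, 1, 5, 0, 1, 4, 255, 255, 255, 0, 255};
const uint8_t sample_overlong[]  = {53, 1, 5, 1, 200, 255, 255};
const uint8_t sample_truncated[] = {53, 1, 5, 1};
```
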
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2005-07-11 10:21:00 UTC
stable on ppc64
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2005-07-11 16:01:18 UTC
Stable on alpha + ia64.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-07-12 01:00:19 UTC
Ready for GLSA
Comment 13 Stephen Bennett (RETIRED) gentoo-dev 2005-07-12 05:20:29 UTC
mips stable
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2005-07-15 14:01:47 UTC
GLSA 200507-16
arm should mark stable to benefit from GLSA