SecurityTracker.com
Category:   Application (Generic)  >   Dhcp
Vendors:   ISC (Internet Software Consortium)
Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
SecurityTracker Alert ID:  1040436
SecurityTracker URL:  http://securitytracker.com/id/1040436
CVE Reference:   CVE-2018-5732
Date:  Feb 28 2018
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.1.0 - 4.1-ESV-R15, 4.2.0 - 4.2.8, 4.3.0 - 4.3.6, 4.4.0
Description:   A vulnerability was reported in Dhcp. A remote user can cause the target dhclient to crash.

A remote server can return a specially crafted response to trigger a buffer overflow in the processing of DHCP options and cause the target dhclient to crash.

Felix Wilhelm, Google Security Team, reported this vulnerability.

Impact:   A remote user can cause the target dhclient to crash.
Solution:   The vendor has issued a fix (4.1-ESV-R15-P1, 4.3.6-P1, 4.4.1).

The vendor advisory is available at:

https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

Vendor URL:  kb.isc.org/article/AA-01565/75/CVE-2018-5732
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
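
As an added example (not code from SecurityTracker or ISC), the following Python classifies an upstream ISC DHCP version string against the affected ranges and fixed releases listed in this entry. It assumes upstream-style version strings and that 4.1.x point releases precede the 4.1-ESV series; distribution package versions, which may carry backported fixes, are reported as unparseable rather than guessed. The names parse, classify and FIRST_FIXED are illustrative.

```python
import re

# ISC DHCP version strings, e.g. 4.3.6, 4.3.6-P1, 4.1-ESV-R15, 4.1-ESV-R15-P1.
_VERSION = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(-ESV(?:-R(\d+))?)?(?:-P(\d+))?", re.IGNORECASE)

# First fixed release per branch, taken from the Solution line of this entry,
# as (is_esv, release, patch). None: the entry lists no fixed 4.2 release.
FIRST_FIXED = {
    (4, 1): (1, 15, 1),   # 4.1-ESV-R15-P1
    (4, 2): None,
    (4, 3): (0, 6, 1),    # 4.3.6-P1
    (4, 4): (0, 1, 0),    # 4.4.1
}
LAST_AFFECTED_4_2 = (0, 8)  # 4.2.8, upper end of the listed 4.2 range


def parse(version):
    """Return ((major, minor), (is_esv, release, patch)) or None if unparseable."""
    m = _VERSION.fullmatch(version.strip())
    if not m:
        return None
    major, minor, point, esv, esv_rel, patch = m.groups()
    # Assumption: within 4.1, non-ESV point releases sort before any ESV release.
    release = int(esv_rel or 0) if esv else int(point or 0)
    return (int(major), int(minor)), (1 if esv else 0, release, int(patch or 0))


def classify(version):
    """Classify an upstream version string against the ranges in this entry."""
    parsed = parse(version)
    if parsed is None:
        return "unparseable"      # e.g. a distribution package version
    branch, key = parsed
    if branch not in FIRST_FIXED:
        return "not-listed"       # branch is outside the ranges given here
    floor = FIRST_FIXED[branch]
    if floor is None:
        return "affected" if key[:2] <= LAST_AFFECTED_4_2 else "not-listed"
    return "affected" if key < floor else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    for v in ("4.3.6", "4.3.6-P1", "4.1-ESV-R15", "4.4.1", "4.3.5-3ubuntu7"):
        print(v, "->", classify(v))
```

For hosts running a distribution package, rely on the vendor's own fixed package versions from the follow-up messages rather than this comparison.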

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 2 2018 (Ubuntu Issues Fix) Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 17.10.
Mar 10 2018 (Red Hat Issues Fix) Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Mar 10 2018 (CentOS Issues Fix) Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
CentOS has issued a fix for CentOS 6.
Mar 12 2018 (Red Hat Issues Fix) Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Mar 15 2018 (CentOS Issues Fix) Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
CentOS has issued a fix for CentOS 7.
May 10 2018 (McAfee Issues Fix for McAfee Web Gateway) Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
McAfee has issued a fix for McAfee Web Gateway.
May 29 2018 (Ubuntu Issues Fix) Dhcp Buffer Overflow in 'dhclient' Lets Remote Servers Cause the Target Client to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 ESM.



 Source Message Contents

Subject:  https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

 
 


Copyright 2019, SecurityGlobal.net LLC