FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dhcpcd -- multiple vulnerabilities

Affected packages
		dhcpcd	<	6.10.0

Details

VuXML ID	df587aa2-b5a5-11e5-9728-002590263bf5
Discovery	2016-01-04
Entry	2016-01-08

Nico Golde reports:

heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. Exploitation is non-trivial, but I'd love to be proven wrong.

invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge.

[source]

References

CVE Name	CVE-2016-1503
CVE Name	CVE-2016-1504
FreeBSD PR	ports/206015
URL	http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403
URL	http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
URL	http://www.openwall.com/lists/oss-security/2016/01/07/3