SB2012080203 - Buffer overflow in dhcp (Alpine package)
Published: August 2, 2012
Security Bulletin ID: SB2012080203
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2012-3571)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=8b8541dfa15ac87cbe85af2d038d51bd470afee3
- https://git.alpinelinux.org/aports/commit/?id=9e86eac9ccecbceef248af531bf9773eca4e70b3
- https://git.alpinelinux.org/aports/commit/?id=57e10f486eafd6fb8702fb7fc6786b5f6a585c10
- https://git.alpinelinux.org/aports/commit/?id=1a4dbb396e0c9359ae50d03c6fb8acdb3480df2d