Slackware Advisory SSA:2005-255-01 Dhcpcd DoS Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2005-255-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-255-01

Insight

New dhcpcd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a minor security issue. The dhcpcd daemon can be tricked into reading past the end of the DHCP buffer by a malicious DHCP server, which causes the dhcpcd daemon to crash and results in a denial of service. Of course, a malicious DHCP server could simply give you an IP address that wouldn't work, too, such as 127.0.0.1, but since people have been asking about this issue, here's a fix, and that's the extent of the impact. In other words, very little real impact.

Severity

Classification

CVE CVE-2005-1848
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Slackware Advisory SSA:2006-155-02 firefox/thunderbird/seamonkey
Slackware Advisory SSA:2006-357-04 koffice
Slackware Advisory SSA:2004-257-01 samba DoS
Slackware Advisory SSA:2005-170-01 New Java packages
Slackware Advisory SSA:2003-141-02 BitchX security fixes

Slackware Advisory SSA:2005-255-01 dhcpcd DoS

Take action and discover your vulnerabilities