Vulnerability Details CVE-2007-5365
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.416
EPSS Ranking 97.2%
CVSS Severity
CVSS v2 Score 7.2
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446354
- http://secunia.com/advisories/27160
- http://secunia.com/advisories/27273
- http://secunia.com/advisories/27338
- http://secunia.com/advisories/27350
- http://secunia.com/advisories/32668
- http://securitytracker.com/id?1021157
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1
- http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962
- http://www.debian.org/security/2007/dsa-1388
- http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/options.c
- http://www.openbsd.org/errata40.html#016_dhcpd
- http://www.openbsd.org/errata41.html#010_dhcpd
- http://www.openbsd.org/errata42.html#001_dhcpd
- http://www.redhat.com/support/errata/RHSA-2007-0970.html
- http://www.securityfocus.com/archive/1/482085/100/100/threaded
- http://www.securityfocus.com/archive/1/483230/100/100/threaded
- http://www.securityfocus.com/bid/25984
- http://www.securityfocus.com/bid/32213
- http://www.securitytracker.com/id?1018794
- http://www.ubuntu.com/usn/usn-531-1
- http://www.ubuntu.com/usn/usn-531-2
- http://www.vupen.com/english/advisories/2008/3088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37045
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5817
- https://www.exploit-db.com/exploits/4601
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446354
- http://secunia.com/advisories/27160
- http://secunia.com/advisories/27273
- http://secunia.com/advisories/27338
- http://secunia.com/advisories/27350
- http://secunia.com/advisories/32668
- http://securitytracker.com/id?1021157
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1
- http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962
- http://www.debian.org/security/2007/dsa-1388
- http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/options.c
- http://www.openbsd.org/errata40.html#016_dhcpd
- http://www.openbsd.org/errata41.html#010_dhcpd
- http://www.openbsd.org/errata42.html#001_dhcpd
- http://www.redhat.com/support/errata/RHSA-2007-0970.html
- http://www.securityfocus.com/archive/1/482085/100/100/threaded
- http://www.securityfocus.com/archive/1/483230/100/100/threaded
- http://www.securityfocus.com/bid/25984
- http://www.securityfocus.com/bid/32213
- http://www.securitytracker.com/id?1018794
- http://www.ubuntu.com/usn/usn-531-1
- http://www.ubuntu.com/usn/usn-531-2
- http://www.vupen.com/english/advisories/2008/3088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37045
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5817
- https://www.exploit-db.com/exploits/4601
Products affected by CVE-2007-5365
-
cpe:2.3:o:debian:debian_linux:3.1
-
cpe:2.3:o:debian:debian_linux:4.0
-
cpe:2.3:o:openbsd:openbsd:4.0
-
cpe:2.3:o:openbsd:openbsd:4.1
-
cpe:2.3:o:openbsd:openbsd:4.2
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:linux_advanced_workstation:2.1
-
cpe:2.3:o:sun:opensolaris:snv_01
-
cpe:2.3:o:sun:opensolaris:snv_02
-
cpe:2.3:o:sun:opensolaris:snv_03
-
cpe:2.3:o:sun:opensolaris:snv_04
-
cpe:2.3:o:sun:opensolaris:snv_05
-
cpe:2.3:o:sun:opensolaris:snv_06
-
cpe:2.3:o:sun:opensolaris:snv_07
-
cpe:2.3:o:sun:opensolaris:snv_08
-
cpe:2.3:o:sun:opensolaris:snv_09
-
cpe:2.3:o:sun:opensolaris:snv_10
-
cpe:2.3:o:sun:opensolaris:snv_100
-
cpe:2.3:o:sun:opensolaris:snv_101
-
cpe:2.3:o:sun:opensolaris:snv_102
-
cpe:2.3:o:sun:opensolaris:snv_11
-
cpe:2.3:o:sun:opensolaris:snv_12
-
cpe:2.3:o:sun:opensolaris:snv_13
-
cpe:2.3:o:sun:opensolaris:snv_14
-
cpe:2.3:o:sun:opensolaris:snv_15
-
cpe:2.3:o:sun:opensolaris:snv_16
-
cpe:2.3:o:sun:opensolaris:snv_17
-
cpe:2.3:o:sun:opensolaris:snv_18
-
cpe:2.3:o:sun:opensolaris:snv_19
-
cpe:2.3:o:sun:opensolaris:snv_20
-
cpe:2.3:o:sun:opensolaris:snv_21
-
cpe:2.3:o:sun:opensolaris:snv_22
-
cpe:2.3:o:sun:opensolaris:snv_23
-
cpe:2.3:o:sun:opensolaris:snv_24
-
cpe:2.3:o:sun:opensolaris:snv_25
-
cpe:2.3:o:sun:opensolaris:snv_26
-
cpe:2.3:o:sun:opensolaris:snv_27
-
cpe:2.3:o:sun:opensolaris:snv_28
-
cpe:2.3:o:sun:opensolaris:snv_29
-
cpe:2.3:o:sun:opensolaris:snv_30
-
cpe:2.3:o:sun:opensolaris:snv_31
-
cpe:2.3:o:sun:opensolaris:snv_32
-
cpe:2.3:o:sun:opensolaris:snv_33
-
cpe:2.3:o:sun:opensolaris:snv_34
-
cpe:2.3:o:sun:opensolaris:snv_35
-
cpe:2.3:o:sun:opensolaris:snv_36
-
cpe:2.3:o:sun:opensolaris:snv_37
-
cpe:2.3:o:sun:opensolaris:snv_38
-
cpe:2.3:o:sun:opensolaris:snv_39
-
cpe:2.3:o:sun:opensolaris:snv_40
-
cpe:2.3:o:sun:opensolaris:snv_41
-
cpe:2.3:o:sun:opensolaris:snv_42
-
cpe:2.3:o:sun:opensolaris:snv_43
-
cpe:2.3:o:sun:opensolaris:snv_44
-
cpe:2.3:o:sun:opensolaris:snv_45
-
cpe:2.3:o:sun:opensolaris:snv_46
-
cpe:2.3:o:sun:opensolaris:snv_47
-
cpe:2.3:o:sun:opensolaris:snv_48
-
cpe:2.3:o:sun:opensolaris:snv_49
-
cpe:2.3:o:sun:opensolaris:snv_50
-
cpe:2.3:o:sun:opensolaris:snv_51
-
cpe:2.3:o:sun:opensolaris:snv_52
-
cpe:2.3:o:sun:opensolaris:snv_53
-
cpe:2.3:o:sun:opensolaris:snv_54
-
cpe:2.3:o:sun:opensolaris:snv_55
-
cpe:2.3:o:sun:opensolaris:snv_56
-
cpe:2.3:o:sun:opensolaris:snv_57
-
cpe:2.3:o:sun:opensolaris:snv_58
-
cpe:2.3:o:sun:opensolaris:snv_59
-
cpe:2.3:o:sun:opensolaris:snv_60
-
cpe:2.3:o:sun:opensolaris:snv_61
-
cpe:2.3:o:sun:opensolaris:snv_62
-
cpe:2.3:o:sun:opensolaris:snv_63
-
cpe:2.3:o:sun:opensolaris:snv_64
-
cpe:2.3:o:sun:opensolaris:snv_65
-
cpe:2.3:o:sun:opensolaris:snv_66
-
cpe:2.3:o:sun:opensolaris:snv_67
-
cpe:2.3:o:sun:opensolaris:snv_68
-
cpe:2.3:o:sun:opensolaris:snv_69
-
cpe:2.3:o:sun:opensolaris:snv_70
-
cpe:2.3:o:sun:opensolaris:snv_71
-
cpe:2.3:o:sun:opensolaris:snv_72
-
cpe:2.3:o:sun:opensolaris:snv_73
-
cpe:2.3:o:sun:opensolaris:snv_74
-
cpe:2.3:o:sun:opensolaris:snv_75
-
cpe:2.3:o:sun:opensolaris:snv_76
-
cpe:2.3:o:sun:opensolaris:snv_77
-
cpe:2.3:o:sun:opensolaris:snv_78
-
cpe:2.3:o:sun:opensolaris:snv_79
-
cpe:2.3:o:sun:opensolaris:snv_80
-
cpe:2.3:o:sun:opensolaris:snv_81
-
cpe:2.3:o:sun:opensolaris:snv_82
-
cpe:2.3:o:sun:opensolaris:snv_83
-
cpe:2.3:o:sun:opensolaris:snv_84
-
cpe:2.3:o:sun:opensolaris:snv_85
-
cpe:2.3:o:sun:opensolaris:snv_86
-
cpe:2.3:o:sun:opensolaris:snv_87
-
cpe:2.3:o:sun:opensolaris:snv_88
-
cpe:2.3:o:sun:opensolaris:snv_89
-
cpe:2.3:o:sun:opensolaris:snv_90
-
cpe:2.3:o:sun:opensolaris:snv_91
-
cpe:2.3:o:sun:opensolaris:snv_92
-
cpe:2.3:o:sun:opensolaris:snv_93
-
cpe:2.3:o:sun:opensolaris:snv_94
-
cpe:2.3:o:sun:opensolaris:snv_95
-
cpe:2.3:o:sun:opensolaris:snv_96
-
cpe:2.3:o:sun:opensolaris:snv_97
-
cpe:2.3:o:sun:opensolaris:snv_98
-
cpe:2.3:o:sun:opensolaris:snv_99
-
cpe:2.3:o:sun:solaris:10.0
-
cpe:2.3:o:sun:solaris:8.0
-
cpe:2.3:o:sun:solaris:9.0
-
cpe:2.3:o:ubuntu:ubuntu_linux:6.06
-
cpe:2.3:o:ubuntu:ubuntu_linux:6.10
-
cpe:2.3:o:ubuntu:ubuntu_linux:7.04
-
cpe:2.3:o:ubuntu:ubuntu_linux:7.10