Bug 1549960 (CVE-2018-5732) - CVE-2018-5732 dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server
Summary: CVE-2018-5732 dhcp: Buffer overflow in dhclient possibly allowing code execut...
Status: CLOSED ERRATA
Alias: CVE-2018-5732
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20180228,repo...
Keywords: Security
Depends On: 1549978 1549979 1549998 1550082 1550083 1550246 1550248
Blocks: 1549964
TreeView+ depends on / blocked
 
Reported: 2018-02-28 07:28 UTC by Adam Mariš
Modified: 2019-06-08 22:43 UTC (History)
9 users (show)

(edit)
An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet.
Clone Of:
(edit)
Last Closed: 2018-03-13 09:03:31 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0469 normal SHIPPED_LIVE Important: dhcp security update 2018-03-09 15:09:18 UTC
Red Hat Product Errata RHSA-2018:0483 normal SHIPPED_LIVE Important: dhcp security update 2018-03-12 23:03:59 UTC

Description Adam Mariš 2018-02-28 07:28:02 UTC
Failure to properly bounds check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section.

Versions of DHCP affected: 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Comment 2 Adam Mariš 2018-02-28 07:45:00 UTC
Acknowledgments:

Name: ISC
Upstream: Felix Wilhelm (Google)

Comment 8 Tomas Hoger 2018-02-28 20:30:32 UTC
Public now via upstream advisory.

External References:

https://kb.isc.org/article/AA-01565

Comment 9 Tomas Hoger 2018-02-28 20:32:06 UTC
Created dhcp tracking bugs for this issue:

Affects: fedora-all [bug 1550246]

Comment 12 errata-xmlrpc 2018-03-09 10:06:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0469 https://access.redhat.com/errata/RHSA-2018:0469

Comment 13 errata-xmlrpc 2018-03-12 18:46:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0483 https://access.redhat.com/errata/RHSA-2018:0483


Note You need to log in before you can comment on or make changes to this bug.