Think you have a false positive on this rule?

Sid 1-43752

Message

SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt

Summary

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

Impact

CVSS base score 7.2 CVSS impact score 10.0 CVSS exploitability score 3.9 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2007-5365:

CVSS base score 7.2

CVSS impact score 10.0

CVSS exploitability score 3.9

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2007-5365: Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

Affected systems

  • debian debian_linux 3.1
  • debian debian_linux 4.0
  • openbsd openbsd 4.0
  • openbsd openbsd 4.1
  • openbsd openbsd 4.2
  • redhat enterprise_linux 2.1
  • redhat linuxadvancedworkstation 2.1
  • sun opensolaris snv_01
  • sun opensolaris snv_02
  • sun opensolaris snv_03
  • sun opensolaris snv_04
  • sun opensolaris snv_05
  • sun opensolaris snv_06
  • sun opensolaris snv_07
  • sun opensolaris snv_08
  • sun opensolaris snv_09
  • sun opensolaris snv_10
  • sun opensolaris snv_11
  • sun opensolaris snv_12
  • sun opensolaris snv_13
  • sun opensolaris snv_14
  • sun opensolaris snv_15
  • sun opensolaris snv_16
  • sun opensolaris snv_17
  • sun opensolaris snv_18
  • sun opensolaris snv_19
  • sun opensolaris snv_20
  • sun opensolaris snv_21
  • sun opensolaris snv_22
  • sun opensolaris snv_23
  • sun opensolaris snv_24
  • sun opensolaris snv_25
  • sun opensolaris snv_26
  • sun opensolaris snv_27
  • sun opensolaris snv_28
  • sun opensolaris snv_29
  • sun opensolaris snv_30
  • sun opensolaris snv_31
  • sun opensolaris snv_32
  • sun opensolaris snv_33
  • sun opensolaris snv_34
  • sun opensolaris snv_35
  • sun opensolaris snv_36
  • sun opensolaris snv_37
  • sun opensolaris snv_38
  • sun opensolaris snv_39
  • sun opensolaris snv_40
  • sun opensolaris snv_41
  • sun opensolaris snv_42
  • sun opensolaris snv_43
  • sun opensolaris snv_44
  • sun opensolaris snv_45
  • sun opensolaris snv_46
  • sun opensolaris snv_47
  • sun opensolaris snv_48
  • sun opensolaris snv_49
  • sun opensolaris snv_50
  • sun opensolaris snv_51
  • sun opensolaris snv_52
  • sun opensolaris snv_53
  • sun opensolaris snv_54
  • sun opensolaris snv_55
  • sun opensolaris snv_56
  • sun opensolaris snv_57
  • sun opensolaris snv_58
  • sun opensolaris snv_59
  • sun opensolaris snv_60
  • sun opensolaris snv_61
  • sun opensolaris snv_62
  • sun opensolaris snv_63
  • sun opensolaris snv_64
  • sun opensolaris snv_65
  • sun opensolaris snv_66
  • sun opensolaris snv_67
  • sun opensolaris snv_68
  • sun opensolaris snv_69
  • sun opensolaris snv_70
  • sun opensolaris snv_71
  • sun opensolaris snv_72
  • sun opensolaris snv_73
  • sun opensolaris snv_74
  • sun opensolaris snv_75
  • sun opensolaris snv_76
  • sun opensolaris snv_77
  • sun opensolaris snv_78
  • sun opensolaris snv_79
  • sun opensolaris snv_80
  • sun opensolaris snv_81
  • sun opensolaris snv_82
  • sun opensolaris snv_83
  • sun opensolaris snv_84
  • sun opensolaris snv_85
  • sun opensolaris snv_86
  • sun opensolaris snv_87
  • sun opensolaris snv_88
  • sun opensolaris snv_89
  • sun opensolaris snv_90
  • sun opensolaris snv_91
  • sun opensolaris snv_92
  • sun opensolaris snv_93
  • sun opensolaris snv_94
  • sun opensolaris snv_95
  • sun opensolaris snv_96
  • sun opensolaris snv_97
  • sun opensolaris snv_98
  • sun opensolaris snv_99
  • sun opensolaris snv_100
  • sun opensolaris snv_101
  • sun opensolaris snv_102
  • sun solaris 8.0
  • sun solaris 9.0
  • sun solaris 10.0
  • ubuntu ubuntu_linux 6.06
  • ubuntu ubuntu_linux 6.10
  • ubuntu ubuntu_linux 7.04
  • ubuntu ubuntu_linux 7.10

Ease of attack

CVE-2007-5365:

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References