Main Vulnerability Database SB2014090308

SB2014090308 - Gentoo update for dhcpcd

Published: September 3, 2014 Updated: September 25, 2016

Security Bulletin ID SB2014090308

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2014-6060)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/
https://security.gentoo.org/glsa/201409-03