FreeBSD bsnmpd 'bootpd' Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	106292
Class:	Boundary Condition Error
CVE:	CVE-2018-17161
Remote:	Yes
Local:	No
Published:	Dec 19 2018 12:00AM
Updated:	Dec 19 2018 12:00AM
Credit:	Reno Robert
Vulnerable:	FreeBSD Freebsd 12.0 FreeBSD Freebsd 11.2-RELEASE-p6 FreeBSD Freebsd 11.2-RELEASE-p5 FreeBSD Freebsd 11.2-RELEASE-p2 FreeBSD Freebsd 11.2-RELEASE-p1 FreeBSD Freebsd 11.2
Not Vulnerable:	FreeBSD Freebsd 12.0-STABLE FreeBSD Freebsd 12.0-RELEASE p1 FreeBSD Freebsd 11.2-STABLE FreeBSD Freebsd 11.2-RELEASE-p7

FreeBSD bsnmpd 'bootpd' Remote Stack Buffer Overflow Vulnerability

FreeBSD bootpd is prone to a remote stack-based buffer-overflow vulnerability.

Successful exploits allow remote attackers to execute arbitrary code in the context of the service daemon. Failed exploit attempts likely result in denial-of-service conditions.

FreeBSD bsnmpd 'bootpd' Remote Stack Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

FreeBSD bsnmpd 'bootpd' Remote Stack Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or contact the vendor for more information.

FreeBSD bsnmpd 'bootpd' Remote Stack Buffer Overflow Vulnerability

References:

• FreeBSD Homepage (FreeBSD)
  
• FreeBSD Security Advisory FreeBSD-SA-18:15.bootpd ()