BID:53354

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability

Info

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	53354
Class:	Boundary Condition Error
CVE:	CVE-2012-2152
Remote:	Yes
Local:	No
Published:	May 02 2012 12:00AM
Updated:	Jan 12 2016 02:07AM
Credit:	Marcus Meissner
Vulnerable:	dhcpcd dhcpcd 3.2.3 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64

Not Vulnerable:

Discussion

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability

dhcpcd is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a fixed-length buffer.

Successfully exploiting this issue allows a remote attacker to execute arbitrary code in the context of the application. Failed exploits will result in denial-of-service condition.

Exploit / POC

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability

References:

Bug 760334 - VUL-0: dhcpcd: stack overflow (Novell)
dhcpcd Homepage (dhcpcd)