CVE-2009-0692
Published Jul 14, 2009
Last updated 7 years ago
Overview
- Description
- Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
- Source
- cret@cert.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Vendor comments
- Red HatThis issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network: https://rhn.redhat.com/errata/CVE-2009-0692.html This issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC3F60D5-1AC2-4FBD-9CA5-775F082D339D"
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E"
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE9B9007-1F13-4991-B44C-47D8EB56FB99"
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47"
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC"
}
],
"operator": "OR"
}
]
}
]