SB2014070113 - Resource management error in dhcpcd (Alpine package)
Published: July 1, 2014
Security Bulletin ID
SB2014070113
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2014-6060)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=f0a333624995d62f687b2c7a5c026d0a5ba648bf
- https://git.alpinelinux.org/aports/commit/?id=492e80f1123d853bf5ed5f1db8a3590bdf0e479b
- https://git.alpinelinux.org/aports/commit/?id=6bdb184bee8ac9364997e653cb3a30759d5096a0
- https://git.alpinelinux.org/aports/commit/?id=037757b269e17c62b4cacca5618a86a4d89787e7