SB2016011510 - Input validation error in dhcp (Alpine package)
Published: January 15, 2016
Security Bulletin ID
SB2016011510
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2015-8605)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=22e7e932857b63925e02a28dead479be5b913561
- https://git.alpinelinux.org/aports/commit/?id=56fa44d64b555ed36c56db990b6b66d4f6008605
- https://git.alpinelinux.org/aports/commit/?id=e4e5c6f3d1cc1e48fb4adcac7cc11071e0091d5e
- https://git.alpinelinux.org/aports/commit/?id=f9041af2778932877e193dedbfc4d119843c021a