Security fix for dhcpd

Todd C. Miller
    Malicious DHCP clients on the local network could cause dhcpd(8)
    to corrupt its stack.

    A DHCP client with a carefully chosen maximum message size that
    is less than the minimum IP MTU could lead to a buffer overflow
    in dhcpd(8).  This could cause dhcpd(8) to crash or could
    potentially result in remote code execution.

    Disable dhcpd if it is enabled.  Note that OpenBSD does not
    ship with dhcpd(8) enabled by default.

    A fix has been committed to OpenBSD-current.  Patches are
    available for OpenBSD 4.2, 4.1 and 4.0.

    The bug was found by Nahuel Riva and Gerardo Richarte of Core
    Security Technologies.
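The kind of bounds check the advisory implies, as an added example that is not part of the original message and is not OpenBSD's patch: the client's maximum message size (DHCP option 57, RFC 2132) is read from the options field and raised to the 576-byte floor before any reply buffer is sized from it. The function names and the fixed-overhead accounting (IP, UDP and BOOTP headers plus magic cookie) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_PAD          0
#define OPT_END          255
#define OPT_MAX_MSG_SIZE 57   /* RFC 2132: maximum DHCP message size */
#define MIN_MMS          576  /* smallest legal value for option 57 */
#define FIXED_OVERHEAD   268  /* assumed: 20 IP + 8 UDP + 236 BOOTP + 4 cookie */

/* Hypothetical helper: walk the options field and return the client's
 * maximum message size, never less than MIN_MMS. */
static unsigned client_mms(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END || i >= len) break;  /* end, or no length byte */
        uint8_t olen = opts[i++];
        if (olen > len - i) break;               /* value runs past buffer */
        if (code == OPT_MAX_MSG_SIZE && olen == 2) {
            unsigned mms = ((unsigned)opts[i] << 8) | opts[i + 1];
            return mms < MIN_MMS ? MIN_MMS : mms; /* the floor is the fix */
        }
        i += olen;
    }
    return MIN_MMS;                              /* option absent or malformed */
}

/* Bytes left for options in the reply. Without the floor above, a value
 * below FIXED_OVERHEAD would make this unsigned subtraction wrap around. */
static size_t reply_option_space(const uint8_t *opts, size_t len)
{
    return (size_t)client_mms(opts, len) - FIXED_OVERHEAD;
}

int main(void)
{
    /* Constructed sample options: one undersized request, one normal. */
    const uint8_t tiny[]   = { 57, 2, 0x00, 0x40, 255 };  /* asks for 64 */
    const uint8_t normal[] = { 57, 2, 0x05, 0xDC, 255 };  /* asks for 1500 */
    printf("tiny:   %zu bytes of option space\n",
           reply_option_space(tiny, sizeof tiny));
    printf("normal: %zu bytes of option space\n",
           reply_option_space(normal, sizeof normal));
    return 0;
}
```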