SUSE-SA:2009:037 -- SUSE dhcp-client remote code execution
ID: oval:org.secpod.oval:def:400065 | Date: (C)2012-01-31 (M)2022-03-04 |
Class: PATCH | Family: unix |
A malicious DHCP server could crash the DHCP client by sending an overlong subnet field (CVE-2009-0692). In theory, a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines that use dhclient to obtain network settings. Newer distributions have buffer overflow checking that guards against this kind of stack overflow, so actual exploitability is rather unlikely.
Platform: |
openSUSE 10.3 |
openSUSE 11.1 |
openSUSE 11.0 |