CVE-2009-0692
HIGH severity · CVSS 10 · Memory corruption
Summary
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 26%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/35785 (Advisory)
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html
- http://secunia.com/advisories/35829
- http://secunia.com/advisories/35830
- http://secunia.com/advisories/35831
- http://secunia.com/advisories/35832