Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5365

CWE-119 — Buffer Overflow10 documents7 sources

Severity

7.2HIGH

EPSS

43.5%

top 2.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Debian Linux Openbsd Openbsd Redhat Enterprise Linux +4 more

Timeline

PublishedOct 11

Latest updateMay 1

Description

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶NVDopenbsd/openbsd4.0, 4.1, 4.2+2

▶NVDsun/solaris10.0, 8.0, 9.0+2

▶NVDsun/opensolaris102 versions+101

▶NVDredhat/linux_advanced_workstation2.1

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 6.06, 6.10, 7.04, 7.10, Enterprise Linux 2.1

Patches

Patch: www.openbsd.org ↗Patch: www.openbsd.org ↗Patch: www.openbsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-q79j-j4r9-8grp: Stack-based buffer overflow in the cons_options function in options↗2022-05-01

▶

CVEList

CVE-2007-5365: Stack-based buffer overflow in the cons_options function in options↗2007-10-11

▶

💥Exploits & PoCs

Exploit-DB

Ubuntu 6.06 - DHCPd Remote Denial of Service↗2007-11-02

▶

📋Vendor Advisories

Ubuntu

dhcp vulnerability↗2007-10-23

▶

Ubuntu

dhcp vulnerability↗2007-10-22

▶

Red Hat

dhcpd stack-based buffer overlow↗2007-10-08

▶

Red Hat

security flaw↗2007-10-08

▶

💬Community

Bugzilla

CVE-2007-0063 security flaw↗2018-08-16

▶

Bugzilla

CVE-2007-5365 dhcpd stack-based buffer overlow↗2007-10-11

▶