Bird_banner_small4
ISC DHCP dhclient pretty_print_option Stack Buffer Overflow
TSL ID TSL20180301-05
CVE ID(s) CVE-2018-5732
Severity Critical
Description

A stack-based buffer overflow vulnerability has been reported in ISC DHCP dhclient. The vulnerability is due to improper handling of DHCP options when writing to a lease file.

A remote attacker on the local network can exploit this vulnerability by sending a malicious response to a vulnerable client. Successful exploitation could result in the execution of arbitrary code under the context of the dhclient process.

The vendor, ISC, has released the following advisory regarding this vulnerability:

https://kb.isc.org/article/AA-01565

Affected Products
  • ISC DHCP dhclient 4.1 prior to 4.1-ESV-R15-P1
  • ISC DHCP dhclient 4.3 prior to 4.3.6-P1
  • ISC DHCP dhclient 4.4 prior to 4.4.1
CVSS Score Base 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C):
  • Access vector is ADJACENT NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 5.8 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://kb.isc.org/article/AA-01565
Related Threats