CVE-2014-6060
Published: 4 September 2014
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
From the Ubuntu Security Team
It was discovered that dhcpcd incorrectly handled DHO_OPTIONSOVERLOADED option. An attaacker could possibly use this issue to cause a denial of service.
Notes
| Author | Note |
|---|---|
| mdeslaur | Affects dhcpcd 4.0.0 to 6.4.2 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
dhcpcd Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| lucid |
Not vulnerable
(code not present)
|
|
| precise |
Not vulnerable
(code not present)
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(code not present)
|
|
| vivid |
Not vulnerable
(code not present)
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
dhcpcd5 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(6.0.5-2)
|
| bionic |
Not vulnerable
(6.0.5-2)
|
|
| cosmic |
Not vulnerable
(6.0.5-2)
|
|
| lucid |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Released
(6.0.5-2build0.14.04.1)
|
|
| upstream |
Released
(6.0.5-2)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Not vulnerable
(6.0.5-2)
|
|
| xenial |
Not vulnerable
(6.0.5-2)
|
|
| yakkety |
Not vulnerable
(6.0.5-2)
|
|
| zesty |
Not vulnerable
(6.0.5-2)
|