6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9 High
AI Score
Confidence
High
0.012 Low
EPSS
Percentile
85.4%
Package : dhcpcd5
Version : 5.5.6-1+deb7u2
CVE ID : CVE-2014-7912 CVE-2014-7913
Debian Bug : N/A
Two vulnerabilities were discovered in dhcpcd5 a DHCP client package.
A remote (on a local network) attacker can possibly execute arbitrary
code or cause a denial of service attack by crafted messages.
CVE-2014-7912
The get_option function does not validate the relationship between
length fields and the amount of data, which allows remote DHCP
servers to execute arbitrary code or cause a denial of service
(memory corruption) via a large length value of an option in a
DHCPACK message.
CVE-2014-7913
The print_option function misinterprets the return value of the
snprintf function, which allows remote DHCP servers to execute
arbitrary code or cause a denial of service (memory corruption)
via a crafted message.
For Debian 7 "Wheezy", these problems have been fixed in version
5.5.6-1+deb7u2.
We recommend that you upgrade your dhcpcd5 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armhf | dhcpcd5 | < 5.5.6-1+deb7u2 | dhcpcd5_5.5.6-1+deb7u2_armhf.deb |
Debian | 7 | amd64 | dhcpcd5 | < 5.5.6-1+deb7u2 | dhcpcd5_5.5.6-1+deb7u2_amd64.deb |
Debian | 7 | i386 | dhcpcd5 | < 5.5.6-1+deb7u2 | dhcpcd5_5.5.6-1+deb7u2_i386.deb |
Debian | 7 | all | dhcpcd5 | < 5.5.6-1+deb7u2 | dhcpcd5_5.5.6-1+deb7u2_all.deb |
Debian | 7 | armel | dhcpcd5 | < 5.5.6-1+deb7u2 | dhcpcd5_5.5.6-1+deb7u2_armel.deb |