Session fixation

🗓️ 04 Sep 2014 17:55:00Reported by PRIOn knowledge baseType

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again

Reporter	Title	Published	Views	Family All 17
ALT Linux	Security fix for the ALT Linux 7 package dhcpcd version 1:5.6.8-alt2.M70P.1	19 Jan 201600:00	–	altlinux
Android Security Bulletins	Nexus Security Bulletin—April 2016Stay organized with collectionsSave and categorize content based on your preferences.	4 Apr 201600:00	–	androidsecurity
android	CVE-2014-6060	2 Apr 201600:00	–	android
CVE	CVE-2014-6060	4 Sep 201417:00	–	cve
Cvelist	CVE-2014-6060	4 Sep 201417:00	–	cvelist
Debian CVE	CVE-2014-6060	4 Sep 201417:00	–	debiancve
EUVD	EUVD-2014-5948	7 Oct 202500:30	–	euvd
Tenable Nessus	GLSA-201409-03 : dhcpcd: Denial of service	4 Sep 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : dhcpcd (MDVSA-2014:171)	12 Sep 201400:00	–	nessus
Tenable Nessus	Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : dhcpcd (SSA:2014-213-02)	4 Aug 201400:00	–	nessus

Source	Link
advisories	www.advisories.mageia.org/MGASA-2014-0334.html
securityfocus	www.securityfocus.com/bid/68970
roy	www.roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5
openwall	www.openwall.com/lists/oss-security/2014/09/01/11
mandriva	www.mandriva.com/security/advisories
slackware	www.slackware.com/security/viewer.php
openwall	www.openwall.com/lists/oss-security/2014/07/30/5
source	www.source.android.com/security/bulletin/2016-04-02.html

23 Jun 2016 11:56Current

7High risk

Vulners AI Score7

EPSS0.00111