FreeBSD : dhcpcd -- remote code execution/denial of service (6ec9f210-0404-11e6-9aee-bc5ff4fb5ea1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

MITRE reports :

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as
used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products,
misinterprets the return value of the snprintf function, which allows
remote DHCP servers to execute arbitrary code or cause a denial of
service (memory corruption) via a crafted message.
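
The class of mistake named in the description, as an added C example (not dhcpcd's code and not part of the original advisory): on truncation, snprintf returns the length it would have written, not the number of bytes stored. The function names `append_unchecked` and `append_checked` and the sample value are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an option value longer than the output buffer. */
static const char SAMPLE_VALUE[] = "search.example.invalid";

/* Unsafe pattern: treats snprintf's return value as bytes stored. On
 * truncation snprintf returns the length it WOULD have written, so the
 * returned cursor can point past the end of buf. */
static size_t append_unchecked(char *buf, size_t size, size_t used, const char *s)
{
    int n = snprintf(buf + used, size - used, "%s ", s);
    return used + (size_t)n;
}

/* Checked pattern: rejects errors and truncation, never advances past size. */
static int append_checked(char *buf, size_t size, size_t *used, const char *s)
{
    if (*used >= size)
        return -1;
    size_t room = size - *used;
    int n = snprintf(buf + *used, room, "%s ", s);
    if (n < 0 || (size_t)n >= room) {
        buf[*used] = '\0';          /* discard the partial write */
        return -1;
    }
    *used += (size_t)n;
    return 0;
}

int main(void)
{
    char buf[8];
    size_t used = 0;

    /* A single call stays in bounds; only the returned cursor is wrong. */
    size_t cursor = append_unchecked(buf, sizeof buf, 0, SAMPLE_VALUE);
    printf("unchecked cursor=%zu, buffer size=%zu\n", cursor, sizeof buf);
    /* A second call with this cursor would compute size - used as a huge
     * unsigned value and write out of bounds, so it is not made here. */

    int rc = append_checked(buf, sizeof buf, &used, SAMPLE_VALUE);
    printf("checked rc=%d used=%zu buf=\"%s\"\n", rc, used, buf);
    rc = append_checked(buf, sizeof buf, &used, "lan");
    printf("checked rc=%d used=%zu buf=\"%s\"\n", rc, used, buf);
    return 0;
}
```

When auditing code for this pattern, look for a pointer or remaining-length variable adjusted by a snprintf result with no comparison against the size that was passed in.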

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208702
http://roy.marples.name/projects/dhcpcd/info/528541c4c619520e
http://www.nessus.org/u?85caacdd

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90554

Bugtraq ID:

CVE ID: CVE-2014-7913
