J-Security Center

Title: DHCDBD Remote Denial of Service Vulnerability

Severity: MODERATE

Description:

DHCDBD is a daemon that provides a DBUS interface to dhclient. It allows other applications, such as NetworkManager, to query and control DHCP interfaces.

DHCDBD is prone to a remote denial-of-service vulnerability. This issue arises because the application fails to handle exceptional conditions properly.

Specifically, the issue presents itself when the application handles DHCP hostnames of a single character. If this single character's ASCII value is less than 32 or greater than 127, then the application will crash due to an attempt to access unallocated memory.

DHCDBD 1.10 and 1.12 are vulnerable to this issue; other versions may also be affected.
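
The condition described above can be screened for before a lease's hostname reaches a consumer. The C routine below is an added example, not dhcdbd's code or a vendor patch: it walks a DHCP options field and flags a one-byte Host Name option (option 12 in RFC 2132) whose value falls in the range this advisory names. The function names, verdict enum and sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* DHCP option codes (RFC 2132). */
enum { OPT_PAD = 0, OPT_HOST_NAME = 12, OPT_END = 255 };
enum hn_verdict { HN_ABSENT, HN_OK, HN_SUSPECT, HN_MALFORMED };

/* Constructed sample option fields (bytes after the magic cookie). */
const uint8_t sample_benign[]    = { 53, 1, 1, 12, 4, 'h', 'o', 's', 't', 255 };
const uint8_t sample_ctrl[]      = { 53, 1, 1, 12, 1, 0x07, 255 };
const uint8_t sample_high[]      = { 12, 1, 0x80, 255 };
const uint8_t sample_truncated[] = { 12, 5, 'a', 'b' };

/* Range named in the advisory: ASCII value below 32 or above 127. */
static int outside_advisory_range(uint8_t b) { return b < 32 || b > 127; }

/* Walk the option TLVs and classify the Host Name option. Each length is
 * checked against the end of the buffer before the value is touched. */
enum hn_verdict check_dhcp_hostname(const uint8_t *opts, size_t len)
{
    enum hn_verdict verdict = HN_ABSENT;
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= len) return HN_MALFORMED;          /* length byte missing */
        size_t olen = opts[i++];
        if (olen > len - i) return HN_MALFORMED;    /* value overruns buffer */
        if (code == OPT_HOST_NAME) {
            if (olen == 0) return HN_MALFORMED;     /* RFC 2132: minimum length 1 */
            if (olen == 1 && outside_advisory_range(opts[i]))
                return HN_SUSPECT;                  /* the case this advisory describes */
            verdict = HN_OK;
        }
        i += olen;
    }
    return verdict;
}

int main(void)
{
    printf("benign=%d ctrl=%d high=%d truncated=%d\n",
           check_dhcp_hostname(sample_benign, sizeof sample_benign),
           check_dhcp_hostname(sample_ctrl, sizeof sample_ctrl),
           check_dhcp_hostname(sample_high, sizeof sample_high),
           check_dhcp_hostname(sample_truncated, sizeof sample_truncated));
    return 0;
}
```

A filter placed in front of an affected version could drop or rewrite the hostname on HN_SUSPECT and HN_MALFORMED rather than pass it on.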

Affected Products:

  • GNOME dhcdbd 1.10
  • GNOME dhcdbd 1.12
  • S.u.S.E. Linux Personal 10.0.0 OSS
  • S.u.S.E. Linux Professional 10.0.0
  • S.u.S.E. Linux Professional 10.0.0 OSS
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
