1. Home
  2. CVE Database
  3. CVE-2007-5365
HIGH · 7.2

CVE-2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute ...

Vulnerability Description

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
DebianDebian Linux3.1
OpenbsdOpenbsd4.0
RedhatEnterprise Linux2.1
RedhatLinux Advanced Workstation2.1
SunOpensolarissnv_01
SunSolaris8.0
UbuntuUbuntu Linux6.06

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2007-5365?

CVE-2007-5365 is a vulnerability with a CVSS score of 7.2 (HIGH). Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute ...

How severe is CVE-2007-5365?

CVE-2007-5365 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5365?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Openbsd Openbsd, Redhat Enterprise Linux, Redhat Linux Advanced Workstation, Sun Opensolaris.