PT-2007-7507 · Isc+1 · Dhcpd+4
Romansoft · Published 1970-01-01 · Updated 2018-10-15 · CVE-2007-5365
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
dhcpd versions 4.0 through 4.2
dhcp-client-udeb (affected versions not specified)
dhcp-relay (affected versions not specified)
dhcp (affected versions not specified)
Description
The issue involves multiple vulnerabilities in the dhcp package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker. Additionally, a stack-based buffer overflow vulnerability in the cons_options function in options.c in dhcpd allows remote attackers to execute arbitrary code or cause a denial of service via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
Recommendations
For dhcpd versions 4.0 through 4.2, consider updating to a newer version to mitigate the risk of exploitation.
For dhcp-client-udeb, dhcp-relay, and dhcp, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Dhcp
Dhcp-Client-Udeb
Dhcp-Relay
Dhcpd