CVE-2012-2152

Name of the Vulnerable Software and Affected Versions dhcpcd versions 3.2.3

Description The issue concerns multiple vulnerabilities in the dhcpcd package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A specific vulnerability is a stack-based buffer overflow in the get packet method in socket.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.

Recommendations For dhcpcd version 3.2.3, consider disabling the get packet method in socket.c as a temporary workaround until a patch is available. Restrict access to the dhcpcd package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.