PT-2018-3312 · FreeBSD · FreeBSD
Published: 2018-12-19 · Updated: 2019-10-03 · CVE-2018-17161
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FreeBSD versions prior to 11.2-STABLE(r348229)
FreeBSD versions prior to 11.2-RELEASE-p7
FreeBSD versions prior to 12.0-STABLE(r342228)
FreeBSD versions prior to 12.0-RELEASE-p1
Description
The issue is caused by insufficient validation of network-provided data in the bootpd component, which may lead to a stack buffer overflow. This could result in a Denial of Service or potentially allow remote code execution. An attacker can exploit the vulnerability by crafting a specific bootp packet.
Recommendations
For versions prior to 11.2-STABLE(r348229), update to 11.2-STABLE(r348229) or later.
For versions prior to 11.2-RELEASE-p7, update to 11.2-RELEASE-p7 or later.
For versions prior to 12.0-STABLE(r342228), update to 12.0-STABLE(r342228) or later.
For versions prior to 12.0-RELEASE-p1, update to 12.0-RELEASE-p1 or later.
Fix
RCE
DoS
Buffer Overflow
Affected Products
FreeBSD