CVE-2012-2152
https://notcve.org/view.php?id=CVE-2012-2152
Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet. Desbordamiento de búfer basado en pila en el método de get_packet socket.c en dhcpcd v3.2.3 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un paquete de gran longitud. • http://www.debian.org/security/2012/dsa-2498 http://www.openwall.com/lists/oss-security/2012/05/02/4 http://www.openwall.com/lists/oss-security/2012/05/02/5 http://www.securityfocus.com/bid/53354 https://bugzilla.novell.com/show_bug.cgi?id=760334 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0996
https://notcve.org/view.php?id=CVE-2011-0996
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. dhcpcd antes de v5.2.12 permite a atacantes remotos ejecutar comandos de su elección vía metacaracteres encubiertos en un nombre de host obtenido a partir de un mensaje DHCP. • http://roy.marples.name/archives/dhcpcd-discuss/2011/0326.html http://roy.marples.name/projects/dhcpcd/changeset/c317b39786ac6c3a939dc711db7c78cf099859fd http://roy.marples.name/projects/dhcpcd/timeline http://secunia.com/advisories/44070 http://security.gentoo.org/glsa/glsa-201301-04.xml http://www.securityfocus.com/bid/47272 https://bugzilla.novell.com/show_bug.cgi?id=675052 https://exchange.xforce.ibmcloud.com/vulnerabilities/66641 • CWE-20: Improper Input Validation •