CVE-2009-0692

ISC DHCP dhclient < 3.1.2p1 - Remote Buffer Overflow (PoC)

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.

Desbordamiento de búfer basado en pila en el método script_write_params en client/dhclient.c en ISC DHCP dhclient v4.1 anteriores a v4.1.0p1, v4.0 anteriores a v4.0.1p1, v3.1 anteriores a v3.1.2p1, v3.0, y v2.0 permite a servidores DHCP remotos ejecutar código arbitrario a través de una opción manipulada subnet-mask.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-02-22 CVE Reserved
2009-07-14 CVE Published
2009-07-27 First Exploit
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow

CAPEC

References (38)

URL	Tag	Source
http://secunia.com/advisories/35829	Third Party Advisory
http://secunia.com/advisories/35830	Third Party Advisory
http://secunia.com/advisories/35831	Third Party Advisory
http://secunia.com/advisories/35832	Third Party Advisory
http://secunia.com/advisories/35841	Third Party Advisory
http://secunia.com/advisories/35849	Third Party Advisory
http://secunia.com/advisories/35850	Third Party Advisory
http://secunia.com/advisories/35851	Third Party Advisory
http://secunia.com/advisories/35880	Third Party Advisory
http://secunia.com/advisories/36457	Third Party Advisory
http://secunia.com/advisories/37342	Third Party Advisory
http://secunia.com/advisories/40551	Third Party Advisory
http://www.kb.cert.org/vuls/id/410676	Third Party Advisory
http://www.osvdb.org/55819	Vdb Entry
http://www.securityfocus.com/bid/35668	Vdb Entry
http://www.securitytracker.com/id?1022548	Vdb Entry
http://www.vupen.com/english/advisories/2009/1891	Vdb Entry
http://www.vupen.com/english/advisories/2010/1796	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941	Signature
https://www.isc.org/downloadables/12	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/9265	2009-07-27

URL	Date	SRC
https://www.isc.org/node/468	2017-09-29

URL	Date	SRC
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc	2017-09-29
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083	2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html	2017-09-29
http://secunia.com/advisories/35785	2017-09-29
http://security.gentoo.org/glsa/glsa-200907-12.xml	2017-09-29
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471	2017-09-29
http://www.debian.org/security/2009/dsa-1833	2017-09-29
http://www.mandriva.com/security/advisories?name=MDVSA-2009:151	2017-09-29
http://www.redhat.com/support/errata/RHSA-2009-1136.html	2017-09-29
http://www.redhat.com/support/errata/RHSA-2009-1154.html	2017-09-29
http://www.ubuntu.com/usn/usn-803-1	2017-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=507717	2009-07-14
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html	2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html	2017-09-29
https://access.redhat.com/security/cve/CVE-2009-0692	2009-07-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				2.0 Search vendor "Isc" for product "Dhcp" and version "2.0"		-		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				3.0 Search vendor "Isc" for product "Dhcp" and version "3.0"		-		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				3.1 Search vendor "Isc" for product "Dhcp" and version "3.1"		-		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.0 Search vendor "Isc" for product "Dhcp" and version "4.0"		-		Affected
Isc Search vendor "Isc"		Dhcp Search vendor "Isc" for product "Dhcp"				4.1.0 Search vendor "Isc" for product "Dhcp" and version "4.1.0"		-		Affected