Vulnerability CVE-2012-2152

Vulnerability Name:

CVE-2012-2152 (CCN-75336)

Assigned:

2012-05-02

Published:

2012-05-02

Updated:

2012-11-06

Summary:

Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-2152

Source: CCN
Type: dhcpcd Web site
dhcpcd - a RFC2131 compliant DHCP client

Source: DEBIAN
Type: UNKNOWN
DSA-2498

Source: DEBIAN
Type: DSA-2498
dhcpcd -- remote stack overflow

Source: MLIST
Type: UNKNOWN
[oss-security] 20120502 CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service

Source: MLIST
Type: UNKNOWN
[oss-security] 20120502 Re: CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service

Source: CCN
Type: OSVDB ID: 83228
Debian Linux dhcpcd DHCP Packet Handling Remote Overflow

Source: BID
Type: UNKNOWN
53354

Source: CCN
Type: BID-53354
dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability

Source: CCN
Type: Novell Bugzilla Bug 760334
VUL-0: dhcpcd: stack overflow

Source: MISC
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=760334

Source: XF
Type: UNKNOWN
dhcpcd-packet-bo(75336)

Vulnerable Configuration:

Configuration 1:

cpe:/a:roy_marples:dhcpcd:3.2.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20122152	V	CVE-2012-2152	2022-05-20
oval:org.opensuse.security:def:32229	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:33046	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:32218	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:32217	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:33723	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:32979	P	Security update for libmspack (Moderate)	2021-08-17
oval:org.opensuse.security:def:32891	P	Security update for openexr (Moderate)	2021-04-07
oval:org.opensuse.security:def:28953	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:28936	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33002	P	Security update for kernel-source (Important)	2021-02-05
oval:org.opensuse.security:def:33684	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:32940	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:32834	P	Security update for curl (Moderate)	2020-12-18
oval:org.opensuse.security:def:28501	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29635	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:28642	P	Security update for binutils	2020-12-01
oval:org.opensuse.security:def:32305	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:28207	P	Security update for libmikmod (Moderate)	2020-12-01
oval:org.opensuse.security:def:28848	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:32534	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28219	P	Security update for librsvg (Important)	2020-12-01
oval:org.opensuse.security:def:32678	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28416	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28997	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:28558	P	Security update for gpg2	2020-12-01
oval:org.opensuse.security:def:29671	P	Security update for dhcpcd	2020-12-01
oval:org.opensuse.security:def:28794	P	Security update for mozilla-nspr, mozilla-nss	2020-12-01
oval:org.opensuse.security:def:32440	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28208	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:28897	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32591	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28285	P	Security update for mysql (Moderate)	2020-12-01
oval:org.mitre.oval:def:20202	P	DSA-2498-1 dhcpcd - remote stack overflow	2014-06-23
oval:com.ubuntu.precise:def:20122152000	V	CVE-2012-2152 on Ubuntu 12.04 LTS (precise) - medium.	2012-07-25
oval:com.ubuntu.trusty:def:20122152000	V	CVE-2012-2152 on Ubuntu 14.04 LTS (trusty) - medium.	2012-07-25

BACK