FreeBSD dhclient Heap Buffer Overrun Vulnerability Allowing Remote Code Execution

Vulnerability

A heap buffer overrun has been identified in dhclient(8), the default IPv4 DHCP client on FreeBSD; all supported versions of FreeBSD are affected. The bug is in the code that resizes the array of string pointers dhclient uses to pass parameters (environment variables) to dhclient-script: it miscalculates the new size of the array, so writes that follow the resize run past the end of the heap allocation. A specially crafted DHCP packet can trigger the overrun, crashing dhclient and potentially allowing remote code execution. Because DHCP is exchanged on the local link, the crafted packet has to come from a DHCP server, or a host impersonating one, on the same broadcast domain as the affected interface or in its relay path.
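The size miscalculation described above, modelled as an added example. This is constructed code, not dhclient's own: the names strvec, buggy_grow_bytes, safe_grow_bytes, strvec_append and build_sample_env, and the sample environment strings, are assumptions made for this illustration. The model keeps a NULL-terminated array of "NAME=value" strings, like the environment handed to dhclient-script, and grows it by one entry at a time; the buggy calculation sizes the new block for the strings but forgets the terminator, so every append stores one pointer past the block it was given.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not dhclient's code: a NULL-terminated array of strings. */
struct strvec {
    char **items;   /* heap array of count strings followed by a NULL */
    size_t count;   /* live entries, excluding the terminator */
    size_t bytes;   /* size of the allocation behind items */
};

/* Bytes a correctly sized array needs for n strings plus the NULL terminator. */
size_t strvec_bytes_needed(size_t n)
{
    return (n + 1) * sizeof(char *);
}

/* Buggy: when adding the (count+1)-th string, allocate room for count+1
 * pointers and forget the terminator. The block is one pointer too small. */
size_t buggy_grow_bytes(size_t count)
{
    return (count + 1) * sizeof(char *);
}

/* Fixed: room for the new string and the terminator; 0 signals size_t overflow. */
size_t safe_grow_bytes(size_t count)
{
    if (count > SIZE_MAX / sizeof(char *) - 2)
        return 0;
    return (count + 2) * sizeof(char *);
}

/* Bytes a buggy append would write past its own allocation. */
size_t buggy_overrun_bytes(size_t count)
{
    return strvec_bytes_needed(count + 1) - buggy_grow_bytes(count);
}

/* Append a copy of s using the fixed size calculation; 0 on success, -1 on failure. */
int strvec_append(struct strvec *v, const char *s)
{
    size_t need = safe_grow_bytes(v->count);
    if (need == 0)
        return -1;
    char **grown = realloc(v->items, need);
    if (grown == NULL)
        return -1;
    v->items = grown;
    v->bytes = need;
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    if (copy == NULL)
        return -1;
    memcpy(copy, s, len);
    v->items[v->count++] = copy;
    v->items[v->count] = NULL;   /* terminator lands inside the block */
    return 0;
}

/* 1 if the terminator lies within the allocation and is set, else 0. */
int strvec_check(const struct strvec *v)
{
    return v->items != NULL
        && strvec_bytes_needed(v->count) <= v->bytes
        && v->items[v->count] == NULL;
}

void strvec_free(struct strvec *v)
{
    for (size_t i = 0; i < v->count; i++)
        free(v->items[i]);
    free(v->items);
    v->items = NULL;
    v->count = v->bytes = 0;
}

/* Build a small environment like the one passed to dhclient-script (constructed values). */
int build_sample_env(struct strvec *v)
{
    const char *sample[] = { "reason=BOUND", "interface=em0",
                             "new_ip_address=192.0.2.10", "new_routers=192.0.2.1" };
    for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++)
        if (strvec_append(v, sample[i]) != 0)
            return -1;
    return 0;
}

int main(void)
{
    struct strvec v = { NULL, 0, 0 };
    if (build_sample_env(&v) != 0)
        return 1;
    printf("%zu entries, %zu bytes, consistent=%d\n", v.count, v.bytes, strvec_check(&v));
    for (size_t n = 0; n < 4; n++)
        printf("buggy append at count=%zu writes %zu bytes past the block\n",
               n, buggy_overrun_bytes(n));
    strvec_free(&v);
    return 0;
}
```

The overrun is only one pointer wide per append, which is why this class of bug tends to surface as a crash or heap-metadata corruption rather than an obvious fault: a DHCP response that drives many option strings into the environment pushes the writes further into neighbouring heap objects. The fixed calculation also refuses to grow once count + 2 would wrap size_t, a separate miscalculation that the same resize code path is prone to.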

Impact

A malicious or spoofed DHCP server that can reach the affected interface can trigger the heap buffer overrun, crashing dhclient (and so disrupting the host's address configuration) and potentially executing code with the privileges of the dhclient process that parses the packet.

Remediation

Upgrade to a supported FreeBSD stable or release branch dated after the correction date. Instructions for updating via the pkg utility, the freebsd-update utility, or by applying a source code patch are given in the FreeBSD Security Advisory. After updating, restart the affected dhclient instances or reboot, since a running dhclient keeps executing the old code until it is restarted.

Added: Apr 30, 2026, 9:19 AM
Updated: Apr 30, 2026, 9:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.3
remediation: 0.0
relevance: 7.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.