CVE-2020-7461

Published: 26/03/2021 Updated: 16/09/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119, resulting in a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.

Vulnerable Product

freebsd freebsd 11.3

freebsd freebsd 11.4

freebsd freebsd 12.1

siemens simatic_rf350m_firmware

siemens simatic_rf650m_firmware

Github Repositories

PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD

CVE-2020-7461
PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD. For educational purposes only.

Environment
Host: macOS 11.2.1
Vagrant: 2.2.15
Victim: FreeBSD 12.1-STABLE r364849
Attacker: Ubuntu 20.04

Disclaimer
This PoC will cause DoS instead of RCE to prevent abuse.

PoC
Turn off DHCP server in VirtualBox
Launch VMs
$ cd victim
$ vagrant up
$ cd

Reproducer PoC for FreeBSD dhclient heap-based buffer overflow vulnerability when parsing DHCP option 119 (CVE-2020-7461)

CVE-2020-7461 Reproducer PoC
Authors: Moshe Kol, Shlomi Oberman

Reproducer PoC for FreeBSD dhclient heap-based buffer overflow vulnerability when parsing DHCP option 119 (CVE-2020-7461).

The problem resides in the function find_search_domain_name_len in the file sbin/dhclient/options.c. This function is called by expand_domain_search when DHCP option 119 (domain search, RFC 339