
CVE-2020-7461

Published: 26/03/2021 Updated: 16/09/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119, resulting in a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.

Vulnerable Product

freebsd freebsd 11.3

freebsd freebsd 12.1

freebsd freebsd 11.4

siemens simatic rf350m firmware

siemens simatic rf650m firmware

Github Repositories

Reproducer PoC for FreeBSD dhclient heap-based buffer overflow vulnerability when parsing DHCP option 119 (CVE-2020-7461)

CVE-2020-7461 Reproducer PoC
Authors: Moshe Kol, Shlomi Oberman
Reproducer PoC for FreeBSD dhclient heap-based buffer overflow vulnerability when parsing DHCP option 119 (CVE-2020-7461).
The problem resides in the function find_search_domain_name_len in the file sbin/dhclient/options.c. This function is called by expand_domain_search when DHCP option 119 (domain search, RFC 339

PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD

CVE-2020-7461
PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD. For educational purposes only.
Environment: Host: macOS 1121; Vagrant: 2215; Victim: FreeBSD 12.1-STABLE r364849; Attacker: Ubuntu 20.04
Disclaimer: This PoC will cause DoS instead of RCE to prevent abuse.
PoC: Turn off DHCP server in VirtualBox. Launch VMs: $ cd victim $ vagrant up $ cd