Security bug in udhcp applet
Krishna Ram Prakash R
krp at gtux.in
Tue Jan 1 15:58:36 UTC 2019
A gentle reminder. Did you have any chance to look into this? I tried
looking into it but, I could not determine if the parsed options could
be controlled by an attacker. If it cannot be controlled, it is not a
security issue. Otherwise, this vulnerability could still be exploited.
On 12/20/18 5:53 PM, Krishna Ram Prakash R wrote:
> Hi Denys,
> Thanks for the fix!
> Wouldn't the option parsing loop in fill_envp() in dhcpc.c parse and
> load options without checking for the expected length and still result
> in out-of-bounds read? Any thoughts on that?
> On 12/18/18 12:17 AM, Denys Vlasenko wrote:
>> I committed a fix, see bz
>> On Mon, Dec 17, 2018 at 6:52 AM Krishna Ram Prakash R <krp at gtux.in> wrote:
>>> Hi all,
>>> I reported a security bug in udhcp applet, a few days back in busybox
>>> Bugzilla as I could not find any private disclosure mailing lists.
>>> But, it is not yet assigned and there are no activities in the bug report.
>>> Just a gentle reminder to the maintainers in case it has been missed.
>>>  https://bugs.busybox.net/show_bug.cgi?id=11506
>>> busybox mailing list
>>> busybox at busybox.net
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the busybox