Vulnerabilities > CVE-2014-6060 - Resource Management Errors vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-213-02.NASL description New dhcpcd packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 76975 published 2014-08-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76975 title Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : dhcpcd (SSA:2014-213-02) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2014-213-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(76975); script_version("1.4"); script_cvs_date("Date: 2019/01/02 16:37:56"); script_cve_id("CVE-2014-6060"); script_bugtraq_id(68970); script_xref(name:"SSA", value:"2014-213-02"); script_name(english:"Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : dhcpcd (SSA:2014-213-02)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New dhcpcd packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2d742160" ); script_set_attribute( attribute:"solution", value:"Update the affected dhcpcd package." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:dhcpcd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"13.1", pkgname:"dhcpcd", pkgver:"5.2.12", pkgarch:"i486", pkgnum:"2_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"dhcpcd", pkgver:"5.2.12", pkgarch:"x86_64", pkgnum:"2_slack13.1")) flag++; if (slackware_check(osver:"13.37", pkgname:"dhcpcd", pkgver:"5.2.12", pkgarch:"i486", pkgnum:"2_slack13.37")) flag++; if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"dhcpcd", pkgver:"5.2.12", pkgarch:"x86_64", pkgnum:"2_slack13.37")) flag++; if (slackware_check(osver:"14.0", pkgname:"dhcpcd", pkgver:"5.5.6", pkgarch:"i486", pkgnum:"2_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"dhcpcd", pkgver:"5.5.6", pkgarch:"x86_64", pkgnum:"2_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"dhcpcd", pkgver:"6.0.5", pkgarch:"i486", pkgnum:"3_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"dhcpcd", pkgver:"6.0.5", pkgarch:"x86_64", pkgnum:"3_slack14.1")) flag++; if (slackware_check(osver:"current", pkgname:"dhcpcd", pkgver:"6.0.5", pkgarch:"i486", pkgnum:"3")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"dhcpcd", pkgver:"6.0.5", pkgarch:"x86_64", pkgnum:"3")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:slackware_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-171.NASL description Updated dhcpcd package fixes security vulnerability : In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service (CVE-2014-6060). last seen 2020-06-01 modified 2020-06-02 plugin id 77650 published 2014-09-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77650 title Mandriva Linux Security Advisory : dhcpcd (MDVSA-2014:171) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:171. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(77650); script_version("1.4"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-6060"); script_bugtraq_id(68970); script_xref(name:"MDVSA", value:"2014:171"); script_name(english:"Mandriva Linux Security Advisory : dhcpcd (MDVSA-2014:171)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated dhcpcd package fixes security vulnerability : In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service (CVE-2014-6060)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0334.html" ); script_set_attribute( attribute:"solution", value:"Update the affected dhcpcd package." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcpcd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"dhcpcd-5.5.6-2.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201409-03.NASL description The remote host is affected by the vulnerability described in GLSA-201409-03 (dhcpcd: Denial of service) A vulnerability has been discovered in dhcpcd. A malicious dhcp server can set flags as part of the dhcp reply that can cause a Denial of Service condition. Impact : A remote attacker can cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77512 published 2014-09-04 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77512 title GLSA-201409-03 : dhcpcd: Denial of service
References
- http://advisories.mageia.org/MGASA-2014-0334.html
- http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
- http://source.android.com/security/bulletin/2016-04-02.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:171
- http://www.openwall.com/lists/oss-security/2014/07/30/5
- http://www.openwall.com/lists/oss-security/2014/09/01/11
- http://www.securityfocus.com/bid/68970
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420