Vulnerability Note VU#257164
Microsoft DHCP Client service contains a buffer overflow
OverviewMicrosoft DHCP Client service contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
I. DescriptionDynamic Host Configuration Protocol (DHCP)
As described in RFC 2131, "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network."
The Problem
The Microsoft DHCP Client service contains a buffer overflow. If a remote attacker responds to a DHCP request with a specially crafted DHCP response, that attacker may be able to trigger the buffer overflow on the requesting system.
For more information refer to Microsoft Security Bulletin MS06-036.
II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code.
III. SolutionApply a patch from your vendor
Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-036.
Systems Affected
References
http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx
http://www.faqs.org/rfcs/rfc2131.html
Credit
This vulnerability was reported in Microsoft Security Bulletin MS06-036. Microsoft credits Mariano Nuņez Di Croce of Cybsec Security Systems for providing information regarding this vulnerability.
This document was written by Jeff Gennari.
Other Information
| Date Public | 07/11/2006 |
| Date First Published | 07/11/2006 05:09:05 PM |
| Date Last Updated | 07/13/2006 |
| CERT Advisory | |
| CVE Name | CVE-2006-2372 |
| Metric | 78.00 |
| Document Revision | 10 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
