PublicDate: 2007-10-11 10:17:00 UTC
Candidate: CVE-2007-5365
References:
 https://ubuntu.com/security/notices/USN-531-2
 https://ubuntu.com/security/notices/USN-531-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5365
Description:
 Stack-based buffer overflow in the cons_options function in options.c in
 dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations
 based on ISC dhcp-2, allows remote attackers to execute arbitrary code or
 cause a denial of service (daemon crash) via a DHCP request specifying a
 maximum message size smaller than the minimum IP MTU.
Ubuntu-Description:
Notes:
 kees> original Debian fix was incomplete, see
 https://bugzilla.redhat.com/show_bug.cgi?id=327781#c5
Bugs:
Priority: high
Discovered-by:
Assigned-to: kees
CVSS:

upstream_dhcp: needed
dapper_dhcp: released (2.0pl5-19.4ubuntu0.2)
edgy_dhcp: released (2.0pl5-19.4ubuntu1.2)
feisty_dhcp: released (2.0pl5-19.5ubuntu2.2)
gutsy_dhcp: released (2.0pl5dfsg1-20ubuntu1.2)
devel_dhcp: DNE