GLSA Advocate
Posted: Thu Nov 07, 2019 8:26 pm Post subject: [ GLSA 201911-02 ] pump
Gentoo Linux Security Advisory
Title: pump: User-assisted execution of arbitrary code (GLSA 201911-02)
Severity: normal
Exploitable: remote
Date: 2019-11-07
Bug(s): #694314
ID: 201911-02
Synopsis
A buffer overflow in pump might allow a remote attacker to execute
arbitrary code.
Background
BOOTP and DHCP client for automatic IP configuration.
Affected Packages
Package: net-misc/pump
Vulnerable: <= 0.8.24-r4
Architectures: All supported architectures
Description
It was discovered that there was an arbitrary code execution
vulnerability in the pump DHCP/BOOTP client.
Impact
A remote attacker, by enticing a user to connect to a malicious server,
could cause the execution of arbitrary code with the privileges of the
user running the pump DHCP/BOOTP client.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for pump. We recommend that users
unmerge pump:
  # emerge --unmerge "net-misc/pump"
References
Debian Bug Report 933674