Intrusion Prevention

FreeBSD.bootpd.Stack.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow vulnerability in FreeBSD Project bootpd.
The vulnerability is due to an insufficient validation when the vulnerable software handles a malformed BOOTP packet. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application or cause denial of service conditions, via a crafted BOOTP request.

Affected Products

FreeBSD Project bootpd prior to r342231
FreeBSD Project bootpd prior to r348229
FreeBSD Project bootpd prior to r342230
FreeBSD Project bootpd prior to r342228

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's advisory for updates:
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc

CVE References

CVE-2018-17161