kern/181496: Patch for CVE-2013-3077 (integer overflow in IP_MSFILTER) breaks dhclient
Steven Lee
steven at roothosts.com
Sat Aug 24 01:40:00 UTC 2013
>Number: 181496
>Category: kern
>Synopsis: Patch for CVE-2013-3077 (integer overflow in IP_MSFILTER) breaks dhclient
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 24 01:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Steven Lee
>Release: releng/9.2
>Organization:
Root Hosts
>Environment:
FreeBSD box.localnet 9.2-RC2 FreeBSD 9.2-RC2 #1 r254680M: Fri Aug 23 07:44:25 UTC 2013 root at box.localnet:/sys/amd64/compile/GENERIC amd64
>Description:
After applying the security patch, dhclient doesn't work. Reverting the patch fixes it again. Tested on 9.2-RC2 and 9.1-RELEASE-p*. Same behaviour.
A tcpdump shows the broadcast to 255.255.255.255 port 67 for the address request, including my MAC address, and the reply from the DHCP server; however, dhclient just times out every time.
>How-To-Repeat:
Apply the patch for CVE-2013-3077 to 9.1 or 9.2 and try to use dhclient to obtain an IP address.
>Fix:
Revert the patch (which is probably not what people really want).
>Release-Note:
>Audit-Trail:
>Unformatted: