CVE-2007-5365

CVE Descriptions

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	7.2		AV:L/AC:L/Au:N/C:C/I:C/A:C	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Exploit information

Exploit Database EDB-ID : 4601

Publication date : 2007-11-01 23h00 +00:00
Author : RoMaNSoFt
EDB Verified : Yes

Products Mentioned

Configuraton 0

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 4.0

Openbsd>>Openbsd >> Version 4.0

Openbsd>>Openbsd >> Version 4.1

Openbsd>>Openbsd >> Version 4.2

Redhat>>Enterprise_linux >> Version 2.1

Redhat>>Linux_advanced_workstation >> Version 2.1

Sun>>Opensolaris >> Version snv_01

Sun>>Opensolaris >> Version snv_02

Sun>>Opensolaris >> Version snv_03

Sun>>Opensolaris >> Version snv_04

Sun>>Opensolaris >> Version snv_05

Sun>>Opensolaris >> Version snv_06

Sun>>Opensolaris >> Version snv_07

Sun>>Opensolaris >> Version snv_08

Sun>>Opensolaris >> Version snv_09

Sun>>Opensolaris >> Version snv_10

Sun>>Opensolaris >> Version snv_11

Sun>>Opensolaris >> Version snv_12

Sun>>Opensolaris >> Version snv_13

Sun>>Opensolaris >> Version snv_14

Sun>>Opensolaris >> Version snv_15

Sun>>Opensolaris >> Version snv_16

Sun>>Opensolaris >> Version snv_17

Sun>>Opensolaris >> Version snv_18

Sun>>Opensolaris >> Version snv_19

Sun>>Opensolaris >> Version snv_20

Sun>>Opensolaris >> Version snv_21

Sun>>Opensolaris >> Version snv_22

Sun>>Opensolaris >> Version snv_23

Sun>>Opensolaris >> Version snv_24

Sun>>Opensolaris >> Version snv_25

Sun>>Opensolaris >> Version snv_26

Sun>>Opensolaris >> Version snv_27

Sun>>Opensolaris >> Version snv_28

Sun>>Opensolaris >> Version snv_29

Sun>>Opensolaris >> Version snv_30

Sun>>Opensolaris >> Version snv_31

Sun>>Opensolaris >> Version snv_32

Sun>>Opensolaris >> Version snv_33

Sun>>Opensolaris >> Version snv_34

Sun>>Opensolaris >> Version snv_35

Sun>>Opensolaris >> Version snv_36

Sun>>Opensolaris >> Version snv_37

Sun>>Opensolaris >> Version snv_38

Sun>>Opensolaris >> Version snv_39

Sun>>Opensolaris >> Version snv_40

Sun>>Opensolaris >> Version snv_41

Sun>>Opensolaris >> Version snv_42

Sun>>Opensolaris >> Version snv_43

Sun>>Opensolaris >> Version snv_44

Sun>>Opensolaris >> Version snv_45

Sun>>Opensolaris >> Version snv_46

Sun>>Opensolaris >> Version snv_47

Sun>>Opensolaris >> Version snv_48

Sun>>Opensolaris >> Version snv_49

Sun>>Opensolaris >> Version snv_50

Sun>>Opensolaris >> Version snv_51

Sun>>Opensolaris >> Version snv_52

Sun>>Opensolaris >> Version snv_53

Sun>>Opensolaris >> Version snv_54

Sun>>Opensolaris >> Version snv_55

Sun>>Opensolaris >> Version snv_56

Sun>>Opensolaris >> Version snv_57

Sun>>Opensolaris >> Version snv_58

Sun>>Opensolaris >> Version snv_59

Sun>>Opensolaris >> Version snv_60

Sun>>Opensolaris >> Version snv_61

Sun>>Opensolaris >> Version snv_62

Sun>>Opensolaris >> Version snv_63

Sun>>Opensolaris >> Version snv_64

Sun>>Opensolaris >> Version snv_65

Sun>>Opensolaris >> Version snv_66

Sun>>Opensolaris >> Version snv_67

Sun>>Opensolaris >> Version snv_68

Sun>>Opensolaris >> Version snv_69

Sun>>Opensolaris >> Version snv_70

Sun>>Opensolaris >> Version snv_71

Sun>>Opensolaris >> Version snv_72

Sun>>Opensolaris >> Version snv_73

Sun>>Opensolaris >> Version snv_74

Sun>>Opensolaris >> Version snv_75

Sun>>Opensolaris >> Version snv_76

Sun>>Opensolaris >> Version snv_77

Sun>>Opensolaris >> Version snv_78

Sun>>Opensolaris >> Version snv_79

Sun>>Opensolaris >> Version snv_80

Sun>>Opensolaris >> Version snv_81

Sun>>Opensolaris >> Version snv_82

Sun>>Opensolaris >> Version snv_83

Sun>>Opensolaris >> Version snv_84

Sun>>Opensolaris >> Version snv_85

Sun>>Opensolaris >> Version snv_86

Sun>>Opensolaris >> Version snv_87

Sun>>Opensolaris >> Version snv_88

Sun>>Opensolaris >> Version snv_89

Sun>>Opensolaris >> Version snv_90

Sun>>Opensolaris >> Version snv_91

Sun>>Opensolaris >> Version snv_92

Sun>>Opensolaris >> Version snv_93

Sun>>Opensolaris >> Version snv_94

Sun>>Opensolaris >> Version snv_95

Sun>>Opensolaris >> Version snv_96

Sun>>Opensolaris >> Version snv_97

Sun>>Opensolaris >> Version snv_98

Sun>>Opensolaris >> Version snv_99

Sun>>Opensolaris >> Version snv_100

Sun>>Opensolaris >> Version snv_101

Sun>>Opensolaris >> Version snv_102

Sun>>Solaris >> Version 8.0

Sun>>Solaris >> Version 9.0

Sun>>Solaris >> Version 10.0

Ubuntu>>Ubuntu_linux >> Version 6.06

Ubuntu>>Ubuntu_linux >> Version 6.10

Ubuntu>>Ubuntu_linux >> Version 7.04

Ubuntu>>Ubuntu_linux >> Version 7.10

References

http://secunia.com/advisories/27338
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/27350
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/3088
Tags : vdb-entry, x_refsource_VUPEN

https://www.exploit-db.com/exploits/4601
Tags : exploit, x_refsource_EXPLOIT-DB

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/dhcpd/options.c
Tags : x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446354
Tags : x_refsource_CONFIRM

http://www.openbsd.org/errata42.html#001_dhcpd
Tags : vendor-advisory, x_refsource_OPENBSD

http://www.securityfocus.com/bid/25984
Tags : vdb-entry, x_refsource_BID

http://www.securityfocus.com/archive/1/483230/100/100/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/37045
Tags : vdb-entry, x_refsource_XF

http://www.redhat.com/support/errata/RHSA-2007-0970.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.debian.org/security/2007/dsa-1388
Tags : vendor-advisory, x_refsource_DEBIAN

http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962
Tags : x_refsource_MISC

http://www.ubuntu.com/usn/usn-531-1
Tags : vendor-advisory, x_refsource_UBUNTU

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5817
Tags : vdb-entry, signature, x_refsource_OVAL

http://www.ubuntu.com/usn/usn-531-2
Tags : vendor-advisory, x_refsource_UBUNTU

http://secunia.com/advisories/27160
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securityfocus.com/archive/1/482085/100/100/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://secunia.com/advisories/27273
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.openbsd.org/errata40.html#016_dhcpd
Tags : vendor-advisory, x_refsource_OPENBSD

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1
Tags : vendor-advisory, x_refsource_SUNALERT

http://secunia.com/advisories/32668
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.openbsd.org/errata41.html#010_dhcpd
Tags : vendor-advisory, x_refsource_OPENBSD

http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1
Tags : x_refsource_CONFIRM

http://www.securitytracker.com/id?1018794
Tags : vdb-entry, x_refsource_SECTRACK

http://securitytracker.com/id?1021157
Tags : vdb-entry, x_refsource_SECTRACK

http://www.securityfocus.com/bid/32213
Tags : vdb-entry, x_refsource_BID

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	6.82%	–	–
2022-04-03	–	–	6.82%	–	–
2022-05-15	–	–	6.82%	–	–
2023-03-12	–	–	–	95.85%	–
2023-07-02	–	–	–	95.41%	–
2024-03-17	–	–	–	93.25%	–
2024-06-02	–	–	–	92.77%	–
2024-07-07	–	–	–	90.62%	–
2024-09-22	–	–	–	90.12%	–
2024-12-22	–	–	–	82.25%	–
2025-01-19	–	–	–	82.25%	–
2025-03-18	–	–	–	–	62.52%
2025-03-30	–	–	–	–	57.27%
2025-04-26	–	–	–	–	41.63%
2025-11-18	–	–	–	–	43.51%

Date	Percentile
2022-02-06	8%
2022-04-03	91%
2022-05-15	92%
2023-03-12	99%
2023-07-02	99%
2024-03-17	99%
2024-06-02	99%
2024-07-07	99%
2024-09-22	99%
2024-12-22	99%
2025-01-19	99%
2025-03-18	98%
2025-03-30	98%
2025-04-26	97%
2025-11-18	97%

CVE-2007-5365 : Detail