Intrusion PreventionFreeBSD.bootpd.Stack.Buffer.Overflow
Description
This indicates an attack attempt to exploit a Buffer Overflow vulnerability in FreeBSD Project bootpd.
The vulnerability is due to an insufficient validation when the vulnerable software handles a malformed BOOTP packet. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application or cause denial of service conditions, via a crafted BOOTP request.
Affected Products
FreeBSD Project bootpd prior to r342231
FreeBSD Project bootpd prior to r348229
FreeBSD Project bootpd prior to r342230
FreeBSD Project bootpd prior to r342228
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's advisory for updates:
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-06-06 | 14.627 | Severity:high:critical |
| 2019-02-11 | 14.548 | Default_action:pass:drop |
| 2019-01-29 | 14.536 | |
| 2019-01-25 | 14.535 | |
| 2019-01-25 | 14.534 |
| ID | 47357 |
| Created | Jan 25, 2019 |
| Updated | May 04, 2022 |
| Risk |
|
| CVE ID | CVE-2018-17161 |
| Exploit Prediction Score | 1.99% |
| Default Action | drop |
| Active | |
| Affected OS | BSD |
| Affected App | Other |