This module exploits a vulnerability in ISC DHCP Server. The vulnerability is caused due to the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. This causes a stack-based buffer corruption by sending a specially crafted DHCP request specifying a maximum message size smaller than 278 bytes. This update adds support for Linux.
Wednesday, December 19, 2007 - 18:00