A buffer overflow in pump might allow remote attacker to execute arbitrary code.
Package | net-misc/pump on all architectures |
---|---|
Affected versions | <= 0.8.24-r4 |
Unaffected versions |
BOOTP and DHCP client for automatic IP configuration.
It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client.
A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running pump DHCP/BOOTP client.
There is no known workaround at this time.
Gentoo has discontinued support for pump. We recommend that users unmerge pump:
# emerge --unmerge "net-misc/pump"
Release date
November 07, 2019
Latest revision
November 07, 2019: 1
Severity
normal
Exploitable
remote
Bugzilla entries