A buffer overflow in pump might allow a remote attacker to execute arbitrary code.
| Package | net-misc/pump on all architectures |
|---|---|
| Affected versions | <= 0.8.24-r4 |
| Unaffected versions | |
BOOTP and DHCP client for automatic IP configuration.
It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client.
A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running the pump DHCP/BOOTP client.
There is no known workaround at this time.
Gentoo has discontinued support for pump. We recommend that users unmerge pump:
# emerge --unmerge "net-misc/pump"
Release date: November 07, 2019

Latest revision: November 07, 2019: 1

Severity: normal

Exploitable: remote

Bugzilla entries