Bug 922868 (CVE-2014-7912)

Summary: VUL-0: dhcpcd: affected by CVE-2014-7912 or CVE-2014-7913?
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: krahmer, meissner, mt
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2015-03-18 07:48:18 UTC
remote flaw in android dhcpcd copy .. 

http://www.zerodayinitiative.com/advisories/ZDI-15-093/

https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/#F1

the sle11-sp1 dhcpcd code looks different, but we should cross check I think.
Comment 1 Sebastian Krahmer 2015-03-18 11:07:36 UTC
Looks like all of our dhcpcd's are dhcpcd3. Androids fork
is dhcpcd4. That explains why we dont have the vuln
get_option() function (neither print_option()).

FWIW, the bug is also inside dhcpcd6. Closing as INVALID for us.