When sending a DHCP option, the values are validated against a hard-coded prefix. However, due to a missing validation check, it is possible to specify any address. This could be used for instance to specify a different target host than the one intended. This could be abused for instance to setup a man-in-the-middle attack. We would like to highlight that this bug does not allow for remote code execution; however, it could be used for local privilege escalation. Patch ID: ALPS07299385; Issue ID: ALPS07299385. When sending a DHCP option, the values are validated against a hard-coded prefix. However, due to a missing validation check, it is possible to specify any address. This could be used for instance to specify a different target host than the one intended. This could be abused for instance to setup a man-in-the-middle attack. We would like to highlight that this bug does not allow for remote code execution; however, it could be used for local privilege escalation. Patch ID: ALPS07299385; Issue ID: ALPS07299385. When configuring a wireless interface, the wireless device may accept an IPv6 address that is not enabled on the wireless interface. This could be exploited for instance when a wireless device is configured to accept an IPv6 address that is behind a NAT, and the attacker is configured to accept only IPv4 connections. In this case, the attacker could send an IPv6

Bluetooth bugs

CVE-2018-19909: When parsing a Bluetooth LE packet, we may not properly validate the MAC address. This may cause an out of bounds or null pointer exception resulting in a buffer overflow that could allow for remote code execution. Patch ID: ALPS07299385; Issue ID: ALPS07299385. When configuring a wireless interface, the wireless device may accept an IPv6 address that is not enabled on the wireless interface. This could be exploited for instance when a wireless device is configured to accept an IPv6 address that is behind a NAT, and the attacker is configured to accept only IPv4 connections. In this case, the attacker could send an IPv6 option with no value in order to overwrite memory and gain control over the device. Patch ID: ALPS07299385; Issue ID: ALPS07299385. When sending a DHCP option, the values are validated against a hard-coded prefix. However, due to a missing validation check, it is possible to specify any address. This could be used for instance to specify a different target host than the one intended. This could be abused for instance to setup a man-in-the-middle attack. We would like to highlight that this bug does not allow for remote code execution; however, it could be used for local privilege escalation. Patch ID: ALPS07299385; Issue ID: ALPS07299385

Timeline

Published on: 10/07/2022 20:15:00 UTC
Last modified on: 10/12/2022 13:52:00 UTC

References