Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

pump: User-assisted execution of arbitrary code — GLSA 201911-02

A buffer overflow in pump might allow remote attacker to execute arbitrary code.

Affected packages

Package net-misc/pump on all architectures
Affected versions <= 0.8.24-r4
Unaffected versions

Background

BOOTP and DHCP client for automatic IP configuration.

Description

It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client.

Impact

A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running pump DHCP/BOOTP client.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for pump. We recommend that users unmerge pump: 

 # emerge --unmerge "net-misc/pump"

References

Release date
November 07, 2019

Latest revision
November 07, 2019: 1

Severity
normal

Exploitable
remote

Bugzilla entries