Joined: 12 May 2004
|Posted: Thu Nov 07, 2019 8:26 pm Post subject: [ GLSA 201911-02 ] pump
|Gentoo Linux Security Advisory
Title: pump: User-assisted execution of arbitrary code (GLSA 201911-02)
A buffer overflow in pump might allow remote attacker to execute
BOOTP and DHCP client for automatic IP configuration.
Vulnerable: <= 0.8.24-r4
Architectures: All supported architectures
It was discovered that there was an arbitrary code execution
vulnerability in the pump DHCP/BOOTP client.
A remote attacker, by enticing a user to connect to a malicious server,
could cause the execution of arbitrary code with the privileges of the
user running pump DHCP/BOOTP client.
There is no known workaround at this time.
Gentoo has discontinued support for pump. We recommend that users
|# emerge --unmerge "net-misc/pump"
Debian Bug Report 933674