A buffer overflow in pump might allow a remote attacker to execute arbitrary code.
| Package | net-misc/pump on all architectures |
| Affected versions | <= 0.8.24-r4 |
pump is a BOOTP and DHCP client for automatic IP configuration.
It was discovered that there was an arbitrary code execution vulnerability in the pump DHCP/BOOTP client.
A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running the pump DHCP/BOOTP client.
There is no known workaround at this time.
Gentoo has discontinued support for pump. We recommend that users unmerge pump:
# emerge --unmerge "net-misc/pump"
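To confirm whether a host still carries the package before or after unmerging, the following added example (not part of the original advisory) reads Portage's installed-package database. It assumes the default database location /var/db/pkg; the function names pump_installed_versions and pump_audit are hypothetical. Any installed version is flagged, because the advisory's resolution is removal rather than upgrade.

```sh
#!/bin/sh
# Added example: audit a Gentoo system (or a mounted image) for net-misc/pump.
# The database root is a parameter so the check can be pointed at a chroot,
# a mounted disk image, or a constructed test tree.
# Usage on a live system: pump_audit
# Usage on a mounted image: pump_audit /mnt/image/var/db/pkg

# Print one installed pump version per line (nothing if not installed).
pump_installed_versions() {
    vdb="${1:-/var/db/pkg}"
    # Installed packages appear as <category>/<name>-<version> directories.
    # The [0-9] keeps the glob from matching other packages named pump-*.
    for d in "$vdb"/net-misc/pump-[0-9]*; do
        [ -d "$d" ] || continue   # unmatched glob stays literal; skip it
        basename "$d" | sed 's/^pump-//'
    done
}

# Return 0 if pump is absent, 1 if any version is installed.
pump_audit() {
    vdb="${1:-/var/db/pkg}"
    versions=$(pump_installed_versions "$vdb")
    if [ -z "$versions" ]; then
        echo "OK: net-misc/pump is not installed"
        return 0
    fi
    for v in $versions; do
        echo "AFFECTED: net-misc/pump-$v is installed"
    done
    echo "Remediation: emerge --unmerge \"net-misc/pump\""
    return 1
}
```

The non-zero return status lets the check be used directly in configuration-management or monitoring jobs.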
November 07, 2019
November 07, 2019: 1