CVE-2019-11766

9.8 CRITICAL

📋 TL;DR

This vulnerability is a buffer over-read in dhcpcd's DHCPv6 Prefix Delegation Exclude feature that could allow attackers to read sensitive memory contents. Systems running vulnerable versions of dhcpcd (DHCP client daemon) are affected, potentially exposing information or causing crashes.

💻 Affected Systems

Products:
  • dhcpcd
Versions: dhcpcd before 6.11.7 and 7.x before 7.2.2
Operating Systems: Linux, BSD systems using dhcpcd
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using DHCPv6 with Prefix Delegation Exclude feature enabled. Many systems may not use this specific feature.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of sensitive memory contents, potential remote code execution if combined with other vulnerabilities, or denial of service through application crashes.

🟠

Likely Case

Information disclosure of adjacent memory, potentially exposing sensitive data or causing dhcpcd to crash, disrupting network connectivity.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized DHCPv6 traffic from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM - Requires DHCPv6 traffic from untrusted sources, which is less common than IPv4 DHCP but still possible in dual-stack environments.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they can send malicious DHCPv6 packets to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires ability to send malicious DHCPv6 packets to vulnerable systems. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: dhcpcd 6.11.7 or 7.2.2 and later

Vendor Advisory: https://roy.marples.name/archives/dhcpcd-discuss/0002428.html

Restart Required: Yes

Instructions:

1. Update the dhcpcd package to version 6.11.7+ or 7.2.2+ using your distribution's package manager.
2. Restart the dhcpcd service or reboot the system.

🔧 Temporary Workarounds

Disable DHCPv6 Prefix Delegation Exclude

Platform: Linux

Disable the vulnerable D6_OPTION_PD_EXCLUDE feature if not required

Edit dhcpcd.conf and remove or comment out any 'pd_exclude' or similar DHCPv6 prefix delegation exclude options

Disable DHCPv6 entirely

Platform: Linux

Disable DHCPv6 if IPv6 is not required or if static IPv6 configuration is used

Edit dhcpcd.conf and add the 'noipv6rs' and 'noipv6' options, or disable dhcpcd on IPv6 interfaces

🧯 If You Can't Patch

  • Implement network segmentation to restrict DHCPv6 traffic to trusted sources only
  • Use firewall rules to block external DHCPv6 traffic to vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check dhcpcd version: 'dhcpcd --version' or 'rpm -q dhcpcd' or 'dpkg -l dhcpcd'

Check Version:

dhcpcd --version 2>/dev/null | head -1

Verify Fix Applied:

Verify installed version is 6.11.7+ or 7.2.2+ and check that dhcpcd service is running without errors
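The version comparison described in the verification steps above, written out as an added shell example (not part of this advisory and not code from the dhcpcd project): it extracts the version from the first line of `dhcpcd --version`, compares it against the fixed releases 6.11.7 and 7.2.2, and treats versions outside the 6.x and 7.x lines as not affected, an assumption taken from the affected-range wording "before 6.11.7 and 7.x before 7.2.2". The function names and the `--check` flag are mine.

```shell
#!/bin/sh
# Added example: decide whether an installed dhcpcd falls inside the
# CVE-2019-11766 affected ranges. Fixed versions: 6.11.7 (6.x line),
# 7.2.2 (7.x line). Assumption: 8.x and later are not affected.

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Missing components count as 0 (so "7.2" < "7.2.2"); a non-digit suffix
# such as a package revision ("7-1") is ignored.
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        case "$a" in *.*) ai="${a%%.*}"; a="${a#*.}" ;; *) ai="$a"; a="" ;; esac
        case "$b" in *.*) bi="${b%%.*}"; b="${b#*.}" ;; *) bi="$b"; b="" ;; esac
        ai="${ai%%[!0-9]*}"
        bi="${bi%%[!0-9]*}"
        ai="${ai:-0}"
        bi="${bi:-0}"
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
    done
    return 1
}

# dhcpcd_vulnerable VERSION: exit 0 when VERSION is in an affected range.
dhcpcd_vulnerable() {
    case "$1" in
        7.*) version_lt "$1" 7.2.2 ;;   # 7.x before 7.2.2
        *)   version_lt "$1" 6.11.7 ;;  # anything before 6.11.7 (8.x+ compares higher, so not affected)
    esac
}

# parse_dhcpcd_version LINE: pull the dotted version out of the first line
# of `dhcpcd --version`, assumed (constructed here) to read "dhcpcd X.Y.Z".
parse_dhcpcd_version() {
    printf '%s\n' "$1" | sed -n 's/^dhcpcd[[:space:]]\{1,\}\([0-9][0-9.]*\).*/\1/p'
}

# check_installed: query the local binary and report; exit 2 if dhcpcd is absent.
check_installed() {
    line="$(dhcpcd --version 2>/dev/null | head -n 1)"
    ver="$(parse_dhcpcd_version "$line")"
    if [ -z "$ver" ]; then
        echo "dhcpcd not found or version line not recognised"
        return 2
    fi
    if dhcpcd_vulnerable "$ver"; then
        echo "dhcpcd $ver: VULNERABLE to CVE-2019-11766, update to 6.11.7+ or 7.2.2+"
        return 0
    fi
    echo "dhcpcd $ver: not in the affected range"
    return 1
}

# Run the live check only when invoked as: sh check_dhcpcd.sh --check
case "${1:-}" in --check) check_installed ;; esac
```

The live check exits 0 when the installed daemon is in an affected range, 1 when it is not, and 2 when no usable version line was found, so it can be dropped into a fleet-wide inventory script and the exit codes tallied.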

📡 Detection & Monitoring

Log Indicators:

  • dhcpcd crash logs
  • segmentation fault errors in system logs
  • unexpected dhcpcd restarts

Network Indicators:

  • Malformed DHCPv6 packets with PD_EXCLUDE options
  • Unusual DHCPv6 traffic patterns

SIEM Query:

source="dhcpcd" AND ("segmentation fault" OR "crash" OR "buffer over-read")
