Problem Description:
Due to a missing length check in the code that handles
DNS parameters, a malformed router advertisement message
can result in a stack buffer overflow in rtsold(8).
Impact:
Receipt of a router advertisement message with a malformed
DNSSL option, for instance from a compromised host on the
same network, can cause rtsold(8) to crash.
While it is theoretically possible to inject code into
rtsold(8) through malformed router advertisement messages,
it is normally compiled with stack protection enabled,
rendering such an attack extremely difficult.
When rtsold(8) crashes, the existing DNS configuration
will remain in force, and the kernel will continue to receive
and process periodic router advertisements.