SCIENTIFIC-LINUX-ERRATA Archives

July 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Critical: dhcp on SL3.x, SL4.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 15 Jul 2009 15:13:55 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (46 lines) 
Synopsis:	Critical: dhcp security update
Issue date:	2009-07-14
CVE Names:	CVE-2009-0692 CVE-2009-1893

The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to receive 
a malicious DHCP response, it could crash or execute arbitrary code with 
the permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP daemon's
init script ("/etc/init.d/dhcpd"). A local attacker could use this flaw 
to overwrite an arbitrary file with the output of the "dhcpd -t" command 
via a symbolic link attack, if a system administrator executed the DHCP 
init script with the "configtest", "restart", or "reload" option.
(CVE-2009-1893)

SL 3.0.x

      SRPMS:
dhcp-3.0.1-10.2_EL3.src.rpm
      i386:
dhclient-3.0.1-10.2_EL3.i386.rpm
dhcp-3.0.1-10.2_EL3.i386.rpm
dhcp-devel-3.0.1-10.2_EL3.i386.rpm
      x86_64:
dhclient-3.0.1-10.2_EL3.x86_64.rpm
dhcp-3.0.1-10.2_EL3.x86_64.rpm
dhcp-devel-3.0.1-10.2_EL3.x86_64.rpm

SL 4.x

      SRPMS:
dhcp-3.0.1-65.el4_8.1.src.rpm
      i386:
dhclient-3.0.1-65.el4_8.1.i386.rpm
dhcp-3.0.1-65.el4_8.1.i386.rpm
dhcp-devel-3.0.1-65.el4_8.1.i386.rpm
      x86_64:
dhclient-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-devel-3.0.1-65.el4_8.1.x86_64.rpm


-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2