Date: Wed, 15 Jul 2009 15:13:55 -0500
Synopsis: Critical: dhcp security update
Issue date: 2009-07-14
CVE Names: CVE-2009-0692 CVE-2009-1893

The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to receive
a malicious DHCP response, it could crash or execute arbitrary code with
the permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP daemon's
init script ("/etc/init.d/dhcpd"). A local attacker could use this flaw
to overwrite an arbitrary file with the output of the "dhcpd -t" command
via a symbolic link attack, if a system administrator executed the DHCP
init script with the "configtest", "restart", or "reload" option.
(CVE-2009-1893)

SL 3.0.x
SRPMS:
dhcp-3.0.1-10.2_EL3.src.rpm
i386:
dhclient-3.0.1-10.2_EL3.i386.rpm
dhcp-3.0.1-10.2_EL3.i386.rpm
dhcp-devel-3.0.1-10.2_EL3.i386.rpm
x86_64:
dhclient-3.0.1-10.2_EL3.x86_64.rpm
dhcp-3.0.1-10.2_EL3.x86_64.rpm
dhcp-devel-3.0.1-10.2_EL3.x86_64.rpm
SL 4.x
SRPMS:
dhcp-3.0.1-65.el4_8.1.src.rpm
i386:
dhclient-3.0.1-65.el4_8.1.i386.rpm
dhcp-3.0.1-65.el4_8.1.i386.rpm
dhcp-devel-3.0.1-65.el4_8.1.i386.rpm
x86_64:
dhclient-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-devel-3.0.1-65.el4_8.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
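
The insecure temporary file pattern described for CVE-2009-1893 above, shown beside a hardened form. This is an added example, not part of the original advisory and not the code of /etc/init.d/dhcpd; the file name dhcpd-configtest.out, the run_check stand-in for "dhcpd -t", and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration only; this is not the code of /etc/init.d/dhcpd.
# run_check is a hypothetical stand-in for "dhcpd -t".
run_check() { echo "constructed syntax-check output"; }

# Weak: fixed file name in a shared directory ($1 plays the role of /tmp).
# The redirection opens the path with O_CREAT|O_TRUNC and follows any
# symbolic link that already exists under that name.
configtest_weak() {
    run_check > "$1/dhcpd-configtest.out" 2>&1
    cat "$1/dhcpd-configtest.out"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-existing link is never opened.
configtest_safe() {
    out=$(mktemp "$1/dhcpd-configtest.XXXXXX") || return 1
    run_check > "$out" 2>&1
    cat "$out"
    rm -f "$out"
}

# Regression check in a throwaway sandbox: a link sits at the predictable
# name and points at a file the caller can write. Prints "changed" or
# "intact" for that file after running the function named in $1.
symlink_regression() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    echo "original contents" > "$sandbox/protected"
    ln -s "$sandbox/protected" "$sandbox/tmp/dhcpd-configtest.out"
    "$1" "$sandbox/tmp" > /dev/null
    if [ "$(cat "$sandbox/protected")" = "original contents" ]; then
        result=intact
    else
        result=changed
    fi
    rm -rf "$sandbox"
    echo "$result"
}

symlink_regression configtest_weak   # prints: changed
symlink_regression configtest_safe   # prints: intact
```

On kernels with fs.protected_symlinks enabled, following such a link inside a sticky world-writable directory like /tmp is refused, which is why the sandbox uses an ordinary directory. The mktemp form does not depend on that setting.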