DHCP server can take over client

"This is the default set-up in Ubuntu, BSD and many other Linux distributions. According to an ISC advisory, the vulnerability is based on a buffer overflow that allows attackers to inject arbitrary code into a system and execute it at root level. The buffer overflow can be triggered in the script_write_params method using excessively long server-supplied subnet masks.

"The client-server bundles DHCP 4.1, DHCP 4.0, DHCP 3.1, DHCP 3.0 and DHCP 2.0 are all affected. The vendor has provided update versions 4.1.0p1, 4.0.1p1 and 3.1.2p1 to close the hole. Updated packages are already being distributed by the Linux distributors. Reportedly, no patches are available for DHCP 3.0 and DHCP 2.0, as the ISC no longer supports these versions."

Complete Story

Related Stories:

• Setting up a dynamic DNS service part 1: named(Jul 15, 2009)
• Installing MyDNS & MyDNSConfig 3 On Fedora 10(May 31, 2009)
• Zeroshell Linux: Captive Portal, Internet Gateway and Router(May 18, 2009)
• Turn an Old PC Into a Multi-Purpose LAN Server with ZeroShell (part 1)(Apr 20, 2009)
• How to: Manage Traffic Using Tomato and QoS(Feb 03, 2009)
• Set up OpenDNS on Ubuntu(Feb 03, 2009)