Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


DHCP server can take over client

Jul 16, 2009, 08:02 (0 Talkback[s])

"This is the default set-up in Ubuntu, BSD and many other Linux distributions. According to an ISC advisory, the vulnerability is based on a buffer overflow that allows attackers to inject arbitrary code into a system and execute it at root level. The buffer overflow can be triggered in the script_write_params method using excessively long server-supplied subnet masks.

"The client-server bundles DHCP 4.1, DHCP 4.0, DHCP 3.1, DHCP 3.0 and DHCP 2.0 are all affected. The vendor has provided update versions 4.1.0p1, 4.0.1p1 and 3.1.2p1 to close the hole. Updated packages are already being distributed by the Linux distributors. Reportedly, no patches are available for DHCP 3.0 and DHCP 2.0, as the ISC no longer supports these versions."

Complete Story

Related Stories: