Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Mandrakelinux Advisory: dhcp

Jun 22, 2004, 21:14 (0 Talkback[s])

Mandrakelinux Security Update Advisory


Package name: dhcp
Advisory ID: MDKSA-2004:061
Date: June 22nd, 2004
Affected versions: 10.0, 9.2


Problem Description:

A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable server with the permissions of the user running DHCPD, which is usually root.

A similar vulnerability also exists in the way ISC's DHCPD makes use of the vsnprintf() function on system that do not support vsnprintf(). This vulnerability could also be used to execute arbitrary code and/or perform a DoS attack. The vsnprintf() statements that have this problem are defined after the vulnerable code noted above, which would trigger the previous problem rather than this one.

Thanks to Gregory Duchemin and Solar Designer for discovering these flaws.

The updated packages contain 3.0.1rc14 which is not vulnerable to these problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0461
http://www.kb.cert.org/vuls/id/317350
http://www.kb.cert.org/vuls/id/654390


Updated Packages:

Mandrakelinux 10.0:
574eac52ddcacf16291f6576a8d88f6a 10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.i586.rpm
daa97478495244b8c5d58702702dc0f1 10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.i586.rpm
734a616781e92b6458a8417eb14161ca 10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.i586.rpm
430beae5883163e375d998c081faf7da 10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.i586.rpm
6bbe45c7d34fd77200af87e680083476 10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.i586.rpm
0ba079c89ac39a926ad929eea0d039fc 10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
cd75604fcba80ce0bf21951a3ba73ff3 amd64/10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.amd64.rpm
68183a2721f0265deee61e518f2452c6 amd64/10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.amd64.rpm
47a4ea90cae82e3de6e3a27d92cef456 amd64/10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.amd64.rpm
a3f9fc9203b91344471fb12cba5e6011 amd64/10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.amd64.rpm
61a6a5e36b700bf1281c0009f85ed163 amd64/10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.amd64.rpm
0ba079c89ac39a926ad929eea0d039fc amd64/10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm

Mandrakelinux 9.2:
a612a277ca12c0849143d22dad13b975 9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.i586.rpm
ed71711e48503ea62da6b5b15d3cf0d5 9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.i586.rpm
bdc249338103e5a811b25f366f85d379 9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.i586.rpm
78b5b964a6f3e71903c97d933136d8e0 9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.i586.rpm
50433f11a2d1ee06fc4e8bd2a53d0952 9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.i586.rpm
4372c59939884d2f4717028f8751c123 9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
7d8a75f6e07ca949fcd0ae1b839829d6 amd64/9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.amd64.rpm
d1cf956a03cb711385038ade1fe96eb4 amd64/9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.amd64.rpm
8855a669ada369c6a543ae30de40afb6 amd64/9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.amd64.rpm
ef663e3fcd1cc9e3bf4132265bbcbb3d amd64/9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.amd64.rpm
df53ebb708b9ccf08c499be5d20e8eeb amd64/9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.amd64.rpm
4372c59939884d2f4717028f8751c123 amd64/9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>