Linux Today: Linux News On Internet Time.

More on LinuxToday

DHCP server can take over client

Jul 16, 2009, 08:02 (0 Talkback[s])


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

"This is the default set-up in Ubuntu, BSD and many other Linux distributions. According to an ISC advisory, the vulnerability is based on a buffer overflow that allows attackers to inject arbitrary code into a system and execute it at root level. The buffer overflow can be triggered in the script_write_params method using excessively long server-supplied subnet masks.

"The client-server bundles DHCP 4.1, DHCP 4.0, DHCP 3.1, DHCP 3.0 and DHCP 2.0 are all affected. The vendor has provided update versions 4.1.0p1, 4.0.1p1 and 3.1.2p1 to close the hole. Updated packages are already being distributed by the Linux distributors. Reportedly, no patches are available for DHCP 3.0 and DHCP 2.0, as the ISC no longer supports these versions."

Complete Story

Related Stories: