Linux Today: Linux News On Internet Time.






SOT Linux Advisory: dhcp

Apr 06, 2003, 22:48

[ Thanks to SOT Linux Security Team for this link. ]

----------------------------------------------------------------
                   SOT Linux Security Advisory

Subject:           Updated dhcp package for SOT Linux 2002
Advisory ID:       SLSA-2003:17
Date:              Sunday, April 6, 2003
Product:           SOT Linux 2002
----------------------------------------------------------------

1. Problem description

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions,
allows remote attackers to cause a denial of service (packet storm) via a
certain BOOTP packet that is forwarded to a broadcast MAC address, causing
an infinite loop that is not restricted by a hop count.

The dhcp packages were updated to version 3.0-pl2.
SOT Linux 2002 dhcp users are advised to update.



2. Updated packages

SOT Linux 2002 Desktop:
 
i386:
ftp://ftp.sot.com/updates/2002/Desktop/i386/dhcp-client-3.0-pl2.i386.rpm
ftp://ftp.sot.com/updates/2002/Desktop/i386/dhcp-common-3.0-pl2.i386.rpm
ftp://ftp.sot.com/updates/2002/Desktop/i386/dhcp-relay-3.0-pl2.i386.rpm
 
SRPMS:
ftp://ftp.sot.com/updates/2002/Desktop/SRPMS/dhcp-3.0-pl2.src.rpm
 
 
SOT Linux 2002 Server:
 
i386:
ftp://ftp.sot.com/updates/2002/Server/i386/dhcp-server-3.0-pl2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/dhcp-relay-3.0-pl2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/dhcp-devel-3.0-pl2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/dhcp-common-3.0-pl2.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/dhcp-client-3.0-pl2.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/dhcp-3.0-pl2.src.rpm

3. Upgrading package

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.
 
If you want to upgrade manually, download the updated package from
the SOT Linux FTP site (use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux
 
Update the package with the following command:
rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.
 
You can verify each package with the following command:
rpm --checksig <filename>
 
If you wish to verify the integrity of the downloaded package, run
"md5sum <filename>" and compare the output with the data given below.
 
 
Package Name                         MD5 sum
----------------------------------------------------------------
/Desktop/i386/dhcp-client-3.0-pl2.i386.rpm  1cbf36d8a3e89382677e01d8cee6339e
/Desktop/i386/dhcp-common-3.0-pl2.i386.rpm  2c57cdf0126689c59887fe8eb20e13bf
/Desktop/i386/dhcp-relay-3.0-pl2.i386.rpm   accd3d5beffc1860aaf93f08a8db7170
/Desktop/SRPMS/dhcp-3.0-pl2.src.rpm         6759d9832ff5bf93bc09552cf1355f01
/Server/i386/dhcp-client-3.0-pl2.i386.rpm   1cbf36d8a3e89382677e01d8cee6339e
/Server/i386/dhcp-common-3.0-pl2.i386.rpm   2c57cdf0126689c59887fe8eb20e13bf
/Server/i386/dhcp-devel-3.0-pl2.i386.rpm    a67c04719b265649c34b71dd8f31c970
/Server/i386/dhcp-relay-3.0-pl2.i386.rpm    accd3d5beffc1860aaf93f08a8db7170
/Server/i386/dhcp-server-3.0-pl2.i386.rpm   96007f325d4337bbd966b0d716ca2510
/Server/SRPMS/dhcp-3.0-pl2.src.rpm          6759d9832ff5bf93bc09552cf1355f01
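
The md5sum comparison from section 4, automated as an added example (not part
of the SOT advisory): each downloaded .rpm is looked up by file name in a table
laid out like the one above. The function names, the saved table file and the
download directory are assumptions.

```shell
#!/bin/sh
# Added example: compare downloaded packages with an advisory-style MD5 table.
# Table rows look like "/Desktop/i386/name.rpm  <32 hex digits>".

# expected_md5 TABLE_FILE RPM_NAME
# Prints the MD5 sum listed for RPM_NAME, or nothing if it is not listed.
# Header and separator rows are ignored: their 2nd field is not an MD5 value.
expected_md5() {
    awk -v name="$2" '
        { n = $1; sub(/.*\//, "", n) }      # table gives repo paths; keep file name
        n == name && length($2) == 32 && $2 ~ /^[0-9a-f]+$/ { print $2; exit }
    ' "$1"
}

# verify_downloads TABLE_FILE DOWNLOAD_DIR
# Returns 0 only if every .rpm in DOWNLOAD_DIR is listed and matches,
# 1 on any mismatch or unlisted file, 2 if there was nothing to check.
verify_downloads() {
    table=$1 dir=$2 status=0 checked=0
    for file in "$dir"/*.rpm; do
        [ -f "$file" ] || continue          # unmatched glob stays literal
        name=${file##*/}
        want=$(expected_md5 "$table" "$name")
        got=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ -z "$want" ]; then
            echo "UNLISTED  $name"; status=1
        elif [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; status=1
        fi
    done
    # An empty directory must not be reported as a successful verification.
    [ "$checked" -gt 0 ] || { echo "no .rpm files in $dir" >&2; return 2; }
    return "$status"
}
```

A matching MD5 sum only shows that the file arrived intact; "rpm --checksig"
remains the check that ties the package to SOT's PGP signature.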

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0039
http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830


Copyright(c) 2001-2003 SOT
        
----------------------------------------------------------------
You can view other update advisories for SOT Linux 2002 at:
http://www.sot.com/en/linux/sa/
----------------------------------------------------------------