MDKSA-2004:061 - Updated dhcp packages fix buffer overflow vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MDKSA-2004:061 - Updated dhcp packages fix buffer overflow vulnerabilities
From: Mandrake Linux Security Team <security@xxxxxxxxxxxxxxxxxx>
Date: 22 Jun 2004 18:36:31 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           dhcp
 Advisory ID:            MDKSA-2004:061
 Date:                   June 22nd, 2004

 Affected versions:      10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability in how ISC's DHCPD handles syslog messages can allow a
 malicious attacker with the ability to send special packets to the
 DHCPD listening port to crash the daemon, causing a Denial of Service.
 It is also possible that they may be able to execute arbitrary code on
 the vulnerable server with the permissions of the user running DHCPD,
 which is usually root.
 
 A similar vulnerability also exists in the way ISC's DHCPD makes use
 of the vsnprintf() function on system that do not support vsnprintf().
 This vulnerability could also be used to execute arbitrary code and/or
 perform a DoS attack.  The vsnprintf() statements that have this
 problem are defined after the vulnerable code noted above, which would
 trigger the previous problem rather than this one.
 
 Thanks to Gregory Duchemin and Solar Designer for discovering these
 flaws.
 
 The updated packages contain 3.0.1rc14 which is not vulnerable to these
 problems.  Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to
 these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0460
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0461
  http://www.kb.cert.org/vuls/id/317350
  http://www.kb.cert.org/vuls/id/654390
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 574eac52ddcacf16291f6576a8d88f6a  
10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.i586.rpm
 daa97478495244b8c5d58702702dc0f1  
10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.i586.rpm
 734a616781e92b6458a8417eb14161ca  
10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.i586.rpm
 430beae5883163e375d998c081faf7da  
10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.i586.rpm
 6bbe45c7d34fd77200af87e680083476  
10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.i586.rpm
 0ba079c89ac39a926ad929eea0d039fc  10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 cd75604fcba80ce0bf21951a3ba73ff3  
amd64/10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.amd64.rpm
 68183a2721f0265deee61e518f2452c6  
amd64/10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.amd64.rpm
 47a4ea90cae82e3de6e3a27d92cef456  
amd64/10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.amd64.rpm
 a3f9fc9203b91344471fb12cba5e6011  
amd64/10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.amd64.rpm
 61a6a5e36b700bf1281c0009f85ed163  
amd64/10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.amd64.rpm
 0ba079c89ac39a926ad929eea0d039fc  
amd64/10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm

 Mandrakelinux 9.2:
 a612a277ca12c0849143d22dad13b975  
9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.i586.rpm
 ed71711e48503ea62da6b5b15d3cf0d5  
9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.i586.rpm
 bdc249338103e5a811b25f366f85d379  
9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.i586.rpm
 78b5b964a6f3e71903c97d933136d8e0  
9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.i586.rpm
 50433f11a2d1ee06fc4e8bd2a53d0952  
9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.i586.rpm
 4372c59939884d2f4717028f8751c123  9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 7d8a75f6e07ca949fcd0ae1b839829d6  
amd64/9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.amd64.rpm
 d1cf956a03cb711385038ade1fe96eb4  
amd64/9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.amd64.rpm
 8855a669ada369c6a543ae30de40afb6  
amd64/9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.amd64.rpm
 ef663e3fcd1cc9e3bf4132265bbcbb3d  
amd64/9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.amd64.rpm
 df53ebb708b9ccf08c499be5d20e8eeb  
amd64/9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.amd64.rpm
 4372c59939884d2f4717028f8751c123  
amd64/9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA2HwumqjQ0CJFipgRAk3oAJ9Ex/mmIrxQaoB80FgS2rT7jPca6ACg062R
L8CiWcSE98BQSvF5ZW13MXo=
=d5+I
-----END PGP SIGNATURE-----

Prev by Date: [ GLSA 200406-17 ] IPsec-Tools: authentication bug in racoon
Next by Date: DHCP Vuln // no code 0day //
Previous by thread: [ GLSA 200406-17 ] IPsec-Tools: authentication bug in racoon
Next by thread: DHCP Vuln // no code 0day //
Index(es):
- Date
- Thread