MDKSA-2004:061

Package name

dhcp

Date

2004-06-22

Advisory ID

MDKSA-2004:061

Affected versions

10.0 amd64 , 9.2 i586 , 10.0 i586 , 9.2 amd64

Problem description

A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable server with the permissions of the user running DHCPD, which is usually root. A similar vulnerability also exists in the way ISC's DHCPD makes use of the vsnprintf() function on system that do not support vsnprintf(). This vulnerability could also be used to execute arbitrary code and/or perform a DoS attack. The vsnprintf() statements that have this problem are defined after the vulnerable code noted above, which would trigger the previous problem rather than this one. Thanks to Gregory Duchemin and Solar Designer for discovering these flaws. The updated packages contain 3.0.1rc14 which is not vulnerable to these problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to these issues.

Updated packages

10.0 amd64

 cd75604fcba80ce0bf21951a3ba73ff3  amd64/10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.amd64.rpm
68183a2721f0265deee61e518f2452c6  amd64/10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.amd64.rpm
47a4ea90cae82e3de6e3a27d92cef456  amd64/10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.amd64.rpm
a3f9fc9203b91344471fb12cba5e6011  amd64/10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.amd64.rpm
61a6a5e36b700bf1281c0009f85ed163  amd64/10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.amd64.rpm
0ba079c89ac39a926ad929eea0d039fc  amd64/10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm

9.2 i586

 a612a277ca12c0849143d22dad13b975  9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.i586.rpm
ed71711e48503ea62da6b5b15d3cf0d5  9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.i586.rpm
bdc249338103e5a811b25f366f85d379  9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.i586.rpm
78b5b964a6f3e71903c97d933136d8e0  9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.i586.rpm
50433f11a2d1ee06fc4e8bd2a53d0952  9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.i586.rpm
4372c59939884d2f4717028f8751c123  9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm

10.0 i586

 574eac52ddcacf16291f6576a8d88f6a  10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.i586.rpm
daa97478495244b8c5d58702702dc0f1  10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.i586.rpm
734a616781e92b6458a8417eb14161ca  10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.i586.rpm
430beae5883163e375d998c081faf7da  10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.i586.rpm
6bbe45c7d34fd77200af87e680083476  10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.i586.rpm
0ba079c89ac39a926ad929eea0d039fc  10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm

9.2 amd64

 7d8a75f6e07ca949fcd0ae1b839829d6  amd64/9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.amd64.rpm
d1cf956a03cb711385038ade1fe96eb4  amd64/9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.amd64.rpm
8855a669ada369c6a543ae30de40afb6  amd64/9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.amd64.rpm
ef663e3fcd1cc9e3bf4132265bbcbb3d  amd64/9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.amd64.rpm
df53ebb708b9ccf08c499be5d20e8eeb  amd64/9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.amd64.rpm
4372c59939884d2f4717028f8751c123  amd64/9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0460
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0461
• http://www.cert.org/advisories/317350
• http://www.cert.org/advisories/654390