Package name
dhcp
Date
2009-12-03
Advisory ID
MDVSA-2009:312
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in ISC DHCP:

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before
3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build
56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455
and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and
ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528;
allows remote attackers to cause a denial of service (daemon crash)
or execute arbitrary code via a malformed DHCP packet with a large
dhcp-max-message-size that triggers a stack-based buffer overflow,
related to servers configured to send many DHCP options to clients
(CVE-2007-0062).

Stack-based buffer overflow in the script_write_params method in
client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0
before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP
servers to execute arbitrary code via a crafted subnet-mask option
(CVE-2009-0692).

ISC DHCP Server is vulnerable to a denial of service, caused by the
improper handling of DHCP requests. If the host definitions are mixed
using dhcp-client-identifier and hardware ethernet, a remote attacker
could send specially-crafted DHCP requests to cause the server to
stop responding (CVE-2009-1892).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides fixes for this vulnerability.

Updated packages

2008.0 i586

 3081299715b66778098307681861d6d7  2008.0/i586/dhcp-client-3.0.7-0.1mdv2008.0.i586.rpm
 65893c30e369cb54df581508c0a278ce  2008.0/i586/dhcp-common-3.0.7-0.1mdv2008.0.i586.rpm
 c7891651d44f4c66967789a594cb494f  2008.0/i586/dhcp-devel-3.0.7-0.1mdv2008.0.i586.rpm
 6ddeab5add9a44c4c0d97fc98e98b48f  2008.0/i586/dhcp-doc-3.0.7-0.1mdv2008.0.i586.rpm
 2c3e9e31d4c99a3622ce4c029ce7d5f9  2008.0/i586/dhcp-relay-3.0.7-0.1mdv2008.0.i586.rpm
 e9271dcc129000708f9537a5ad3a926f  2008.0/i586/dhcp-server-3.0.7-0.1mdv2008.0.i586.rpm 
 2a2e6cca8ab0d7c62e14aa19116ac860  2008.0/SRPMS/dhcp-3.0.7-0.1mdv2008.0.src.rpm

2008.0 x86_64

 137eaf194b2faa3a8de3b90453c47793  2008.0/x86_64/dhcp-client-3.0.7-0.1mdv2008.0.x86_64.rpm
 79a273d98b5ef2f51c93c0f4d49ab82a  2008.0/x86_64/dhcp-common-3.0.7-0.1mdv2008.0.x86_64.rpm
 4e1ca48b749ef04f4aff6dd6d9d34bde  2008.0/x86_64/dhcp-devel-3.0.7-0.1mdv2008.0.x86_64.rpm
 df97bbd0680f5b82417be5fb448a3493  2008.0/x86_64/dhcp-doc-3.0.7-0.1mdv2008.0.x86_64.rpm
 daa25b01f8fd36eeeedc2cb4c0e2c119  2008.0/x86_64/dhcp-relay-3.0.7-0.1mdv2008.0.x86_64.rpm
 1d283afe24bb93f3c155a2b762e50988  2008.0/x86_64/dhcp-server-3.0.7-0.1mdv2008.0.x86_64.rpm 
 2a2e6cca8ab0d7c62e14aa19116ac860  2008.0/SRPMS/dhcp-3.0.7-0.1mdv2008.0.src.rpm

References