|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#410676
ISC DHCP dhclient stack buffer overflow
OverviewThe ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges.
I. DescriptionAs described in RFC 2131, "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent.
The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:
DHCP 4.1 (all versions)
DHCP 4.0 (all versions)
DHCP 3.1 (all versions)
DHCP 3.0 (all versions)
DHCP 2.0 (all versions)
II. ImpactA rogue DHCP server may be able to execute arbitrary code with root privileges on a vulnerable client system.
III. SolutionApply a patch or update from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document.
Upgrade your version of DHCP
Upgrade your system as specified by your vendor. If you need to upgrade DHCP manually, according to ISC:
Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1
There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those release trains have reached End-Of-Life.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| 3com, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| ACCESS | Unknown | 2009-06-23 | 2009-06-23 |
| Alcatel-Lucent | Unknown | 2009-06-23 | 2009-06-23 |
| Apple Inc. | Not Vulnerable | 2009-06-23 | 2009-06-24 |
| AT&T | Unknown | 2009-06-23 | 2009-06-23 |
| Avaya, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Barracuda Networks | Unknown | 2009-06-23 | 2009-06-23 |
| Belkin, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Borderware Technologies | Unknown | 2009-06-23 | 2009-06-23 |
| Bro | Unknown | 2009-06-23 | 2009-06-23 |
| Charlotte's Web Networks | Unknown | 2009-06-23 | 2009-06-23 |
| Check Point Software Technologies | Unknown | 2009-06-23 | 2009-06-23 |
| Cisco Systems, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Clavister | Unknown | 2009-06-23 | 2009-06-23 |
| Computer Associates | Unknown | 2009-06-23 | 2009-06-23 |
| Computer Associates eTrust Security Management | Not Vulnerable | 2009-06-23 | 2009-06-25 |
| Conectiva Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Cray Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| D-Link Systems, Inc. | Unknown | 2009-06-26 | 2009-06-26 |
| Debian GNU/Linux | Unknown | 2009-06-23 | 2009-06-23 |
| DragonFly BSD Project | Unknown | 2009-06-23 | 2009-06-23 |
| EMC Corporation | Unknown | 2009-06-23 | 2009-06-23 |
| Engarde Secure Linux | Unknown | 2009-06-23 | 2009-06-23 |
| Enterasys Networks | Unknown | 2009-06-23 | 2009-06-23 |
| Ericsson | Unknown | 2009-06-23 | 2009-06-23 |
| eSoft, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Extreme Networks | Unknown | 2009-06-23 | 2009-06-23 |
| F5 Networks, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Fedora Project | Unknown | 2009-06-23 | 2009-06-23 |
| Force10 Networks, Inc. | Not Vulnerable | 2009-06-23 | 2009-07-14 |
| Fortinet, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Foundry Networks, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| FreeBSD, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Fujitsu | Unknown | 2009-06-23 | 2009-06-23 |
| Gentoo Linux | Vulnerable | 2009-06-23 | 2009-07-14 |
| Global Technology Associates | Unknown | 2009-06-23 | 2009-06-23 |
| Hewlett-Packard Company | Unknown | 2009-06-23 | 2009-06-23 |
| Hitachi | Unknown | 2009-06-23 | 2009-06-23 |
| IBM Corporation | Unknown | 2009-06-24 | 2009-06-24 |
| IBM eServer | Unknown | 2009-06-23 | 2009-06-23 |
| Infoblox | Not Vulnerable | 2009-06-23 | 2009-07-29 |
| Intel Corporation | Unknown | 2009-06-23 | 2009-06-23 |
| Internet Security Systems, Inc. | Vulnerable | 2009-06-23 | 2009-07-15 |
| Internet Systems Consortium | Unknown | 2009-06-24 | 2009-06-24 |
| Internet Systems Consortium - DHCP | Unknown | 2009-06-24 | 2009-06-24 |
| Intoto | Unknown | 2009-06-23 | 2009-06-23 |
| IP Filter | Unknown | 2009-06-23 | 2009-06-23 |
| Juniper Networks, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Luminous Networks | Unknown | 2009-06-23 | 2009-06-23 |
| m0n0wall | Unknown | 2009-06-23 | 2009-06-23 |
| Mandriva S. A. | Unknown | 2009-06-23 | 2009-06-23 |
| McAfee | Unknown | 2009-06-23 | 2009-06-23 |
| Microsoft Corporation | Not Vulnerable | 2009-06-23 | 2009-06-24 |
| MontaVista Software, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Multitech, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| NEC Corporation | Unknown | 2009-06-23 | 2009-06-23 |
| NetApp | Unknown | 2009-06-23 | 2009-06-23 |
| NetBSD | Vulnerable | 2009-06-23 | 2009-07-15 |
| netfilter | Unknown | 2009-06-23 | 2009-06-23 |
| Nokia | Unknown | 2009-06-25 | 2009-06-25 |
| Nortel Networks, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Novell, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Openwall GNU/*/Linux | Unknown | 2009-06-23 | 2009-06-23 |
| PePLink | Not Vulnerable | 2009-06-23 | 2009-07-20 |
| Process Software | Unknown | 2009-06-23 | 2009-06-23 |
| Q1 Labs | Unknown | 2009-06-23 | 2009-06-23 |
| QNX, Software Systems, Inc. | Not Vulnerable | 2009-06-23 | 2009-07-07 |
| Quagga | Unknown | 2009-06-23 | 2009-06-23 |
| RadWare, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Red Hat, Inc. | Vulnerable | 2009-06-23 | 2009-07-16 |
| Redback Networks, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| SafeNet | Not Vulnerable | 2009-06-23 | 2009-07-03 |
| Secureworx, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Silicon Graphics, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Slackware Linux Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| SmoothWall | Not Vulnerable | 2009-06-23 | 2009-06-25 |
| Snort | Unknown | 2009-06-23 | 2009-06-23 |
| Soapstone Networks | Unknown | 2009-06-23 | 2009-06-23 |
| Sony Corporation | Unknown | 2009-06-23 | 2009-06-23 |
| Sourcefire | Unknown | 2009-06-23 | 2009-06-23 |
| Stonesoft | Unknown | 2009-06-23 | 2009-06-23 |
| Sun Microsystems, Inc. | Not Vulnerable | 2009-06-23 | 2009-06-26 |
| SUSE Linux | Unknown | 2009-06-23 | 2009-06-23 |
| Symantec | Unknown | 2009-06-23 | 2009-06-23 |
| The SCO Group | Not Vulnerable | 2009-06-23 | 2009-06-30 |
| TippingPoint, Technologies, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Turbolinux | Unknown | 2009-06-23 | 2009-06-23 |
| U4EA Technologies, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Ubuntu | Vulnerable | 2009-06-23 | 2009-07-14 |
| Unisys | Unknown | 2009-06-23 | 2009-06-23 |
| VMware | Unknown | 2009-06-29 | 2009-06-29 |
| Vyatta | Unknown | 2009-06-23 | 2009-06-23 |
| Watchguard Technologies, Inc. | Unknown | 2009-06-23 | 2009-06-23 |
| Wind River Systems, Inc. | Not Vulnerable | 2009-06-23 | 2009-06-29 |
| ZyXEL | Unknown | 2009-06-23 | 2009-06-23 |
References
https://www.isc.org/node/468
Credit
This vulnerability was reported by ISC, who in turn credit the Mandriva Linux Engineering Team with discovering and reporting the vulnerability.
This document was written by Will Dormann.
Other Information
| Date Public: | 2009-07-14 |
| Date First Published: | 2009-07-14 |
| Date Last Updated: | 2009-07-29 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2009-0692 |
| NVD-ID(s): | CVE-2009-0692 |
| US-CERT Technical Alerts: | |
| Metric: | 19.95 |
| Document Revision: | 27 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader