Red Hat, Inc. Information for VU#410676

ISC DHCP dhclient stack buffer overflow

Status

Affected

Vendor Statement

This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network:

https://rhn.redhat.com/errata/CVE-2009-0692.html

This issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

https://rhn.redhat.com/errata/RHSA-2009-1136.html
https://rhn.redhat.com/errata/CVE-2009-0692.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.