The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges.
As described in RFC 2131, "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent.
The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:
A rogue DHCP server may be able to execute arbitrary code with root privileges on a vulnerable client system.
Apply a patch or update from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document.
Internet Security Systems, Inc.
Red Hat, Inc.
Computer Associates eTrust Security Management
Force10 Networks, Inc.
QNX, Software Systems, Inc.
Sun Microsystems, Inc.
The SCO Group
Wind River Systems, Inc.
Charlotte's Web Networks
Check Point Software Technologies
Cisco Systems, Inc.
D-Link Systems, Inc.
DragonFly BSD Project
Engarde Secure Linux
F5 Networks, Inc.
Foundry Networks, Inc.
Global Technology Associates
Internet Systems Consortium
Internet Systems Consortium - DHCP
Juniper Networks, Inc.
Mandriva S. A.
MontaVista Software, Inc.
Nortel Networks, Inc.
Redback Networks, Inc.
Silicon Graphics, Inc.
Slackware Linux Inc.
TippingPoint, Technologies, Inc.
U4EA Technologies, Inc.
Watchguard Technologies, Inc.
This vulnerability was reported by ISC, who in turn credit the Mandriva Linux Engineering Team with discovering and reporting the vulnerability.
This document was written by Will Dormann.
|Date First Published:||2009-07-14|
|Date Last Updated:||2009-07-29 16:45 UTC|