SciLinux: CVE-2009-0692 Critical: dhcp SL3.x, SL4.x i386/x86_64
Summary
Date: Wed, 15 Jul 2009 15:13:55 -0500Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Critical: dhcp on SL3.x, SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Critical: dhcp security updateIssue date: 2009-07-14CVE Names: CVE-2009-0692 CVE-2009-1893The Mandriva Linux Engineering Team discovered a stack-based bufferoverflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692)An insecure temporary file use flaw was discovered in the DHCP daemon'sinit script ("/etc/init.d/dhcpd"). A local attacker could use this flaw to overwrite an arbitrary file with the output of the "dhcpd -t" command via a symbolic link attack, if a system administrator executed the DHCP init script with the "configtest", "restart", or "reload" option.(CVE-2009-1893)SL 3.0.x SRPMS:dhcp-3.0.1-10.2_EL3.src.rpm i386:dhclient-3.0.1-10.2_EL3.i386.rpmdhcp-3.0.1-10.2_EL3.i386.rpmdhcp-devel-3.0.1-10.2_EL3.i386.rpm x86_64:dhclient-3.0.1-10.2_EL3.x86_64.rpmdhcp-3.0.1-10.2_EL3.x86_64.rpmdhcp-devel-3.0.1-10.2_EL3.x86_64.rpmSL 4.x SRPMS:dhcp-3.0.1-65.el4_8.1.src.rpm i386:dhclient-3.0.1-65.el4_8.1.i386.rpmdhcp-3.0.1-65.el4_8.1.i386.rpmdhcp-devel-3.0.1-65.el4_8.1.i386.rpm x86_64:dhclient-3.0.1-65.el4_8.1.x86_64.rpmdhcp-3.0.1-65.el4_8.1.x86_64.rpmdhcp-devel-3.0.1-65.el4_8.1.x86_64.rpm-Connie Sieh-Troy Dawson