Date:         Wed, 15 Jul 2009 15:13:55 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: dhcp on SL3.x, SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: dhcp security update
Issue date:	2009-07-14
CVE Names:	CVE-2009-0692 CVE-2009-1893

The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to receive 
a malicious DHCP response, it could crash or execute arbitrary code with 
the permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP daemon's
init script ("/etc/init.d/dhcpd"). A local attacker could use this flaw 
to overwrite an arbitrary file with the output of the "dhcpd -t" command 
via a symbolic link attack, if a system administrator executed the DHCP 
init script with the "configtest", "restart", or "reload" option.
(CVE-2009-1893)

SL 3.0.x

      SRPMS:
dhcp-3.0.1-10.2_EL3.src.rpm
      i386:
dhclient-3.0.1-10.2_EL3.i386.rpm
dhcp-3.0.1-10.2_EL3.i386.rpm
dhcp-devel-3.0.1-10.2_EL3.i386.rpm
      x86_64:
dhclient-3.0.1-10.2_EL3.x86_64.rpm
dhcp-3.0.1-10.2_EL3.x86_64.rpm
dhcp-devel-3.0.1-10.2_EL3.x86_64.rpm

SL 4.x

      SRPMS:
dhcp-3.0.1-65.el4_8.1.src.rpm
      i386:
dhclient-3.0.1-65.el4_8.1.i386.rpm
dhcp-3.0.1-65.el4_8.1.i386.rpm
dhcp-devel-3.0.1-65.el4_8.1.i386.rpm
      x86_64:
dhclient-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-devel-3.0.1-65.el4_8.1.x86_64.rpm


-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0692 Critical: dhcp SL3.x, SL4.x i386/x86_64

Critical: dhcp security update

Summary

Date:         Wed, 15 Jul 2009 15:13:55 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Critical: dhcp on SL3.x, SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: dhcp security updateIssue date:	2009-07-14CVE Names:	CVE-2009-0692 CVE-2009-1893The Mandriva Linux Engineering Team discovered a stack-based bufferoverflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692)An insecure temporary file use flaw was discovered in the DHCP daemon'sinit script ("/etc/init.d/dhcpd"). A local attacker could use this flaw to overwrite an arbitrary file with the output of the "dhcpd -t" command via a symbolic link attack, if a system administrator executed the DHCP init script with the "configtest", "restart", or "reload" option.(CVE-2009-1893)SL 3.0.x      SRPMS:dhcp-3.0.1-10.2_EL3.src.rpm      i386:dhclient-3.0.1-10.2_EL3.i386.rpmdhcp-3.0.1-10.2_EL3.i386.rpmdhcp-devel-3.0.1-10.2_EL3.i386.rpm      x86_64:dhclient-3.0.1-10.2_EL3.x86_64.rpmdhcp-3.0.1-10.2_EL3.x86_64.rpmdhcp-devel-3.0.1-10.2_EL3.x86_64.rpmSL 4.x      SRPMS:dhcp-3.0.1-65.el4_8.1.src.rpm      i386:dhclient-3.0.1-65.el4_8.1.i386.rpmdhcp-3.0.1-65.el4_8.1.i386.rpmdhcp-devel-3.0.1-65.el4_8.1.i386.rpm      x86_64:dhclient-3.0.1-65.el4_8.1.x86_64.rpmdhcp-3.0.1-65.el4_8.1.x86_64.rpmdhcp-devel-3.0.1-65.el4_8.1.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News