Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 10.10: USN-1108-2 Moderate: DHCP Client Privilege Escalation Risk

ubuntu
Calendar Grey April 19, 2011
Scroller Ubuntu
Fedora Security Advisory FSA-1234-5 addresses a vulnerability in the FTP service that could lead to unauthorized data exposure. Immediate action is recommended.
An attacker's DHCP server could send crafted responses to your computer and cause it to run programs as root.

Summary

An attacker's DHCP server could send crafted responses to your computer and

cause it to run programs as root.

Software Description:

- dhcp3: DHCP Client

Details:

USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix

the vulnerability was not properly applied on Ubuntu 9.10 and higher. This

update fixes the problem.

Original advisory details:

Sebastian Krahmer discovered that the dhclient utility incorrectly filtered

crafted responses. An attacker could use this flaw with a malicious DHCP

server to execute arbitrary code, resulting in root privilege escalation.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  dhcp3-client                    3.1.3-2ubuntu6.2

Ubuntu 10.04 LTS:
  dhcp3-client                    3.1.3-2ubuntu3.2

Ubuntu 9.10:
  dhcp3-client                    3.1.2-1ubuntu7.3

In general, a standard system update will make all the necessary changes.

References

CVE-2011-0997

April 19, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.