Ubuntu 803-2: Dhcp vulnerability
January 27, 2010
USN-803-1 fixed a vulnerability in Dhcp
Summary
Update Instructions
References
Severity
dhcp3 vulnerability
Package Information
==========================================================Ubuntu Security Notice USN-803-2 January 27, 2010
dhcp3 vulnerability
CVE-2009-0692
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
dhcp3-client 3.1.1-1ubuntu2.2
dhcp3-client-udeb 3.1.1-1ubuntu2.2
Ubuntu 9.04:
dhcp-client 3.1.1-5ubuntu8.2
dhcp3-client 3.1.1-5ubuntu8.2
Ubuntu 9.10:
dhcp-client 3.1.2-1ubuntu7.1
dhcp3-client 3.1.2-1ubuntu7.1
After a standard system upgrade you need to restart any DHCP network
connections utilizing dhclient3 to effect the necessary changes.
Details follow:
USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to
fix the vulnerability was not properly applied on Ubuntu 8.10 and higher.
Even with the patch improperly applied, the default compiler options
reduced the vulnerability to a denial of service. Additionally, in Ubuntu
9.04 and higher, users were also protected by the AppArmor dhclient3
profile. This update fixes the problem.
Original advisory details:
It was discovered that the DHCP client as included in dhcp3 did not verify
the length of certain option fields when processing a response from an IPv4
dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a
malicious dhcp server, a remote attacker could cause a denial of service or
execute arbitrary code as the user invoking the program, typically the
'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker
should only be able to cause a denial of service in the DHCP client. In
Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3
profile.
Updated packages for Ubuntu 8.10:
Source archives:
Size/MD5: 136684 41ce48676a6d2f331d3c4959e7fb2c43
Size/MD5: 1262 fdd3cebfddb86e6751225afdd8146c22
Size/MD5: 798228 fcc19330a9c3a0efb5620409214652a9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 209198 fcf5bf8aa4401c10c3389ba76eb818a7
Size/MD5: 267896 cfd07ed559c68bee83fc89fb03ce3eb5
Size/MD5: 330760 a712868b3b2eaf16e2d505e3086e81ec
Size/MD5: 126494 b51e6a963acfbea3ebf5725b55800859
Size/MD5: 390650 a80c1cedc423d862155a3a9e9fac0777
Size/MD5: 123818 65f18a176580dbf0fe5614bbd13f388e
Size/MD5: 346668 bce3018a63142e71584c3525e4171241
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 193262 f18b91feffe6cf4ac1d8133cf4ced091
Size/MD5: 251726 55229bd21a72c78fde17a30fe38e0a95
Size/MD5: 315578 8e0354d3ab52e11e6fc07945a0545d0f
Size/MD5: 117722 7033d3312735fe0b63ffb1d1bb7d7110
Size/MD5: 370448 e5c6282fb0c23d0451caf47972a6e70b
Size/MD5: 115262 110c71b180d1170c59c95326c1b70974
Size/MD5: 326076 353e282dd743017103e9aa4dd9c1dc2d
lpia architecture (Low Power Intel Architecture):
Size/MD5: 186782 cb698deb22fe9a830f1986d9c58e0ac7
Size/MD5: 245394 6437ffaa7d3a4d49306f78950aff70c2
Size/MD5: 309874 29afe6feb42c3038b74d90258c37ca68
Size/MD5: 114818 14e3540e6fb9d51d67d299dc6019a3f6
Size/MD5: 362380 9753f1fa5deb3c65c4514f0acae0de92
Size/MD5: 112644 2787ae9be82026a2b80920c1242b345e
Size/MD5: 318032 f5cf2255759493845523ecf8a4facf16
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 200178 e767df16099cec0f4094d0fcf4f203a3
Size/MD5: 258856 fd2e0942da907d2717234e1983133305
Size/MD5: 321918 97fcfb17b859c9f2e5c6a404afff45a6
Size/MD5: 120930 70df053fa58f9aa6f7a0c311febcdcde
Size/MD5: 380102 7842ae455577f4efc78a7e81ef7c8e30
Size/MD5: 119186 bbf229d93f62a2db9ea463ce1e6ae2a7
Size/MD5: 336320 85f2041e9a61b5da0b930ef7187ea3a4
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 202838 21a9861aa745b9cab0c218dc07a3dd0d
Size/MD5: 260840 b202c1fe8329022fe44d293b6da62fab
Size/MD5: 322346 00fddec901a6dea25170867fb5502a07
Size/MD5: 116596 e8907c40efa7207438cd247348e3d459
Size/MD5: 382922 d1b11fd4e938e68901c11e5544c5fd2b
Size/MD5: 119908 8c479aff08066674f500dba28eae6797
Size/MD5: 339934 cc4cbab98f53e1a7c6548676df1a7b20
Updated packages for Ubuntu 9.04:
Source archives:
Size/MD5: 139610 8f42d2a89d9895b51bf7cda7d048a8fe
Size/MD5: 1319 8d1bc4abfe718cef38b966515dbed2ca
Size/MD5: 798228 fcc19330a9c3a0efb5620409214652a9
Architecture independent packages:
Size/MD5: 25078 0c8c8654b781dfd359348daf29c56d4d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 209194 c2036cbf89fadf06827612e65b270fa7
Size/MD5: 270596 ec7aba1e07e52251229f6199a0223573
Size/MD5: 330938 63dfac630f1bec5cc87f80c8a59f670b
Size/MD5: 126706 f358b9e4c39da8a4f9a5ad80f03432de
Size/MD5: 392038 b2c7614a6969a1d95f13803fcc05ea5e
Size/MD5: 124160 e11662a9b90780f158335cfc6ec0e072
Size/MD5: 347100 3ce78d2ce5d3220685093fe45093f79f
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 193234 4ce4a6e94deedd02ce9880c32095a1dc
Size/MD5: 254246 c4e24b431dd546959a2d58e34835b7be
Size/MD5: 315788 65fe9c79b6c61a43ea19c590f999f669
Size/MD5: 117914 404018a975763e6e07a1244c9fba2735
Size/MD5: 371906 fbb82d6b560b23b95d121e067071b44b
Size/MD5: 115634 667d9f9a43ced81b80e37363afb3cf25
Size/MD5: 326396 c0188ce76180c2f6bba035bbc41d180d
lpia architecture (Low Power Intel Architecture):
Size/MD5: 186824 21a61a29cd7f4b0581a2cd13a2d37aea
Size/MD5: 248026 b11a2fb3efc72334059350ad1c6fd345
Size/MD5: 310076 54c90b71d4b1a71b853f518972367648
Size/MD5: 114990 6778c467f94ca7e2bf08ea7d7714a064
Size/MD5: 363698 2a3402bf18dc665b0e1eb3bd199afc67
Size/MD5: 112948 6230c366bf2f8898d989337de84be839
Size/MD5: 318330 5c8c569633be20b4dd9507be95694b3f
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 200224 28ff6bf0016218d897f05e77883fdd5a
Size/MD5: 261680 c7ff30b2980e3dd55799f86dcb8b765b
Size/MD5: 322124 5ec3c0a4580bc95a63b73d79154ec942
Size/MD5: 121104 d7004b603f2d1bbc0c5275972d884f22
Size/MD5: 381576 1ca43221391399df1a42767762bd8074
Size/MD5: 119534 3bf9d8f39e67f8d16de576aca0ac58ae
Size/MD5: 336580 e0214e8d474bc67423a43709b808bc11
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 202880 3314b1ebb4755d43c5f56c94ae97396a
Size/MD5: 263880 1d4644049ffa0e513b922127709e9ebb
Size/MD5: 322500 5d1ee9fd0f5d95534f0e3ef6779f789a
Size/MD5: 116750 2dd7a97cf9f4da3074d31a7284b0c6a0
Size/MD5: 384294 27e23ea099eb864c67cb13bb47165774
Size/MD5: 120152 7dfb1e80a3c4610781a667aeb9e022a7
Size/MD5: 340298 f1f6f7908d29d7c1cd2180bd2618083d
Updated packages for Ubuntu 9.10:
Source archives:
Size/MD5: 140271 3e7fa6d8fe1394673247c50a5fe707c5
Size/MD5: 1319 8b3cd399c4c2b481b07e7d96603b0321
Size/MD5: 799626 85901a9554650030df7d1ef3e5959fdf
Architecture independent packages:
Size/MD5: 26098 8eca69c9915241e2a63eb0621d512ae8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 208614 931882605562c119a9a3adf9d0f9e283
Size/MD5: 270778 0c79e209ecafc7505fd1d57bbf35d8cc
Size/MD5: 332004 b94722de40c16cef8c86de48495385ed
Size/MD5: 127028 b179bd68a57078e26fb8268a1ce852fd
Size/MD5: 394906 8784b9dafc670a4100114595c979a24c
Size/MD5: 125350 3b6ff01975ed32cdc4be577c5ccf9aca
Size/MD5: 348136 281cb8875117d227671fe3e93335f866
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 191058 d238297c084695b56b4c6f5629b394b1
Size/MD5: 252958 49646e8d3f940dc4260fbe0b7c4015f2
Size/MD5: 314976 be6d1797fd2d448f9f56a378193535af
Size/MD5: 117704 0db2819bce23745055a0e9cbe9309524
Size/MD5: 373086 a4c8d37d667600cab612739d5df45801
Size/MD5: 116318 849db7ea9d53e4e4e0cf8635252960fb
Size/MD5: 326134 c3f3ad55ab80aa289df75f0dc7ddd2bb
lpia architecture (Low Power Intel Architecture):
Size/MD5: 187336 8ec68e75ba2e0dc3a199e6c133ee5fc1
Size/MD5: 249068 6f0c14f2a797609468b0bf61cfa46f47
Size/MD5: 311902 b1cf294f3ec6c0128e5f111fe9b96b91
Size/MD5: 115508 b3db5fb1f973b2f3b778af529dbd5db2
Size/MD5: 368166 71556454d244ea809e2b5341197414e0
Size/MD5: 114482 82b5e42293f8e2e8375809266a5f4542
Size/MD5: 321572 a2f6b5a61689f5af81c7d4b568c92561
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 200000 97d5187851ad400904e7bc3d5bbcee22
Size/MD5: 262264 6cf94818bf43580d5e71e6f675912e1d
Size/MD5: 323872 f94c575fda49b9ee07da13f5479f9469
Size/MD5: 120290 7696291e50223cd89394682887319446
Size/MD5: 382306 fb931ad76c2d5cc67a503421ad140d44
Size/MD5: 120200 46a9a251388c19e8e3d6b78665f3966f
Size/MD5: 335800 525a4ac5795fdc59f35b8ac33ceed627
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 203468 8343badcf1d71fd49aaffba998b657d0
Size/MD5: 265794 ce5c77542561cdd46273df56ca0152eb
Size/MD5: 324478 45a530ef92fb611eb48643e52d48084c
Size/MD5: 116768 479e8cb3f428075a52da183b9601927d
Size/MD5: 387284 ba80c458f5f714246366c31f0d415271
Size/MD5: 121548 f5bd3f66091461e4be7ce8c4c99b8236
Size/MD5: 341020 9cbdb4d610ec617ec8c3308e8f7466c9
