Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
91
security advisoryGentoobuffer overflowGentoo: GLSA-202310-01 Moderate: Network Service Exploit Vulnerability
A buffer overflow in pump might allow remote attacker to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201911-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: pump: User-assisted execution of arbitrary code Date: November 07, 2019 Bugs: #694314 ID: 201911-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow in pump might allow remote attacker to execute arbitrary code. Background ========= BOOTP and DHCP client for automatic IP configuration. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/pump
Nov 07, 2019
•Important
Gentoo
197
security advisoryDebianarbitrary code executionDebian 8: DLA-1908-1 Critical: Pump Arbitrary Code Execution
It was discovered that there was an arbitrary code execution vulnerability in the pump BOOTP and DHCP client. When copying the body of the server response, the ethernet packet . Package : pump Version : 0.8.24-7+deb8u1 Debian Bug : #933674 It was discovered that there was an arbitrary code execution vulnerability in the pump BOOTP and DHCP client. When copying the body of the server response, the ethernet packet length could be forged leading to being able to overwrite up to "ETH_FRAME_LEN - sizeof(*ipHdr) - sizeof(*udpHdr) - sizeof(*bresp)" bytes of stack memory. Thanks to for the report and patch. For Debian 8 "Jessie", this issue has been fixed in pump version 0.8.24-7+deb8u1. We recommend that you upgrade your pump packages. Regards, - -- ,'`. : :' : Chris Lamb `. `'`
Sep 02, 2019
•Critical
Debian LTS
98
security advisoryRed HatupdateRed Hat 6.0: RHSA-1999:027-02 Critical: Pump Remote Exploit
New version of pump, 0.7.0, fixes several problems, including a potential security hole. We strongly recommend that all users using DHCP upgrade to pump 0.7.0, particularly if you use DHCP on a public network such as a cable modem or ADSL service. . Red Hat, Inc. Security Advisory Package pump Synopsis Bugs fixed in pump (DHCP client) [CORRECTION] Advisory ID RHSA-1999:027-02 Issue Date 1999-08-11 Updated on 1999-08-14 Keywords pump DHCP RoadRunner @Home 1. Topic: New version of pump, 0.7.0, fixes several problems, including a potential security hole. We strongly recommend that all users using DHCP upgrade to pump 0.7.0, particularly if you use DHCP on a public network such as a cable modem or ADSL service. This is a correction to our previous announcement, which did not mention the security bug that is fixed in pump 0.7.0. 2. Bug IDs fixed: 3263 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures 4. Obsoleted by: None 5. Conflicts with: None 6. RPMs required: Intel: pump-0.7.0- 1.i386.rpm Alpha: pump-0.7.0- 1.alpha.rpm SPARC: pump-0.7.0- 1.sparc.rpm Source: pump-0.7.0- 1.src.rpm Architecture neutral: 7. Problem description: o DHCP did not work with some @Home and RoadRunner (and potentially other) servers. o Some (broken) servers did not return server address properly; in these cases, pump now reuses the broadcast address. o There was a security hole with the potential for a remote root exploit in certain configurations where DHCP is used on public networks 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh filename where filename is the nameof the RPM. 9. Verification: MD5 sum Package Name ------------------------------------------------------------------------- a93c710c0ce18e79b3dd33d268ae7752 i386/pump-0.7.0-1.i386.rpm 53df0de539645b34ad93272f3b4e6d97 alpha/pump-0.7.0-1.alpha.rpm d56bac8b659b353894092869782d59cc sparc/pump-0.7.0-1.sparc.rpm 2f18a5c39cdd327e0406df1ab5308549 SRPMS/pump-0.7.0-1.src.rpm These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp filename 10. References: . Red Hat, Inc. alert regarding urgent repairs for severe vulnerabilities in DHCP client. Users are advised to perform upgrades.. pump DHCP client update, Red Hat security fix, DHCP upgrade. . Severity: Critical. LinuxSecurity.com Team
Dec 07, 1999
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!