
SANS ISC: InfoSec Handlers Diary Blog



Vulnerability in dhclient - Check Your Vendor For Patches

Published: 2009-07-22
Last Updated: 2009-07-22 20:26:01 UTC
by Chris Carboni (Version: 1)

US-CERT released VU#410676, which covers a vulnerability in the ISC DHCP dhclient application.

"The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:

DHCP 4.1 (all versions)

DHCP 4.0 (all versions)

DHCP 3.1 (all versions)

DHCP 3.0 (all versions)

DHCP 2.0 (all versions)"

Red Hat (no version specified) and Ubuntu are known to be vulnerable.

More details are available at http://www.kb.cert.org/vuls/id/410676, https://www.isc.org/node/468 and http://vrt-sourcefire.blogspot.com/2009/07/dont-read-this-post.html

Christopher Carboni - Handler On Duty
