Vulnerability in dhclient - Check Your Vendor For Patches - SANS Internet Storm Center



US-CERT released VU#410676, which deals with a vulnerability in the ISC DHCP dhclient application.

"The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:

DHCP 4.1 (all versions)

DHCP 4.0 (all versions)

DHCP 3.1 (all versions)

DHCP 3.0 (all versions)

DHCP 2.0 (all versions)"

Red Hat (no version specified) and Ubuntu are known to be vulnerable.

More details are available at http://www.kb.cert.org/vuls/id/410676, https://www.isc.org/node/468 and http://vrt-sourcefire.blogspot.com/2009/07/dont-read-this-post.html

Christopher Carboni - Handler On Duty
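
The missing length check described in the advisory, as an added example (this is not ISC's code or the fix ISC shipped): a hypothetical `get_subnet_mask()` walks a DHCP options field and copies the subnet-mask option (code 1 in RFC 2132) only when its length is exactly 4 bytes. The function name, return codes and sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD         0    /* RFC 2132 pad option, no length byte */
#define OPT_SUBNET_MASK 1    /* RFC 2132 subnet mask, always 4 bytes */
#define OPT_END         255  /* RFC 2132 end option */
#define IPV4_LEN        4

/* Constructed sample option fields (not captured traffic). */
static const uint8_t sample_ok[]    = { 53, 1, 5, 1, 4, 255, 255, 255, 0, 255 };
static const uint8_t sample_long[]  = { 1, 8, 255, 255, 255, 0, 0, 0, 0, 0, 255 };
static const uint8_t sample_trunc[] = { 1, 4, 255, 255 };

/* Hypothetical helper. Returns 0 and fills mask on success,
 * -1 if the option is absent, -2 if the field is malformed. */
int get_subnet_mask(const uint8_t *opts, size_t opts_len, uint8_t mask[IPV4_LEN])
{
    size_t i = 0;
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= opts_len) return -2;        /* length byte missing */
        size_t len = opts[i++];
        if (len > opts_len - i) return -2;   /* value runs past the field */
        if (code == OPT_SUBNET_MASK) {
            /* The unsafe pattern is memcpy(mask, opts + i, len): the
             * server picks len. Reject anything that is not 4 bytes. */
            if (len != IPV4_LEN) return -2;
            memcpy(mask, opts + i, IPV4_LEN);
            return 0;
        }
        i += len;                            /* skip options we don't need */
    }
    return -1;
}

int main(void)
{
    uint8_t mask[IPV4_LEN] = { 0 };
    printf("ok:        %d\n", get_subnet_mask(sample_ok, sizeof sample_ok, mask));
    printf("oversized: %d\n", get_subnet_mask(sample_long, sizeof sample_long, mask));
    printf("truncated: %d\n", get_subnet_mask(sample_trunc, sizeof sample_trunc, mask));
    return 0;
}
```

The oversized and truncated samples are rejected before any copy takes place, so the destination buffer is left untouched.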
