Vulnerability in dhclient - Check Your Vendor For Patches

US-CERT released VU#410676, which deals with a vulnerability in the ISC DHCP dhclient application.

"The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:

DHCP 4.1 (all versions)

DHCP 4.0 (all versions)

DHCP 3.1 (all versions)

DHCP 3.0 (all versions)

DHCP 2.0 (all versions)"

Red Hat (no version specified) and Ubuntu are known vulnerable.

More details are available at , and

Christopher Carboni - Handler On Duty


Jul 22nd 2009
