[PLDSA 19-1] New dhcp packages fix arbitrary code execution

Krzysiek Taraszka dzimi at pld.org.pl
Thu Jan 30 14:11:45 CET 2003 

- --------------------------------------------------------------------------
PLD Security Advisory PLDSA 19-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
16 January 2003 			http://www.pld.org.pl/security/faq
- --------------------------------------------------------------------------

Package        : prior to dhcp-3.0pl1-2		
Vulnerability  : stack overflows
Problem-Type   : remote
PLD-specific   : no
CVE references : CAN-2003-0026
CERT advisory  : VU#284857 CA-2003-01

The Internet Software Consortium discoverd several vulnerabilities
during an audit of the ISC DHCP Daemon.  The vulnerabilities exist in
error handling routines within the minires library and may be
exploitable as stack overflows.  This could allow a remote attacker to
execute arbitrary code under the user id the dhcpd runs under, usually
root.  Other DHCP servers than dhcp3 doesn't seem to be affected.

The above problems have been fixed in version 3.0pl2-1 for the
current stable distribution (ra).

We recommend that you upgrade your dhcp packages.

wget -c url
	will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using "poldek" - the package manager, use the line as given below
for upgrade packages

poldek --update
        will update the internal database
poldek --upgrade 'dhcp*'
        will install corrected packages

If you are using "apt" - the package manager, use the line as given below
for upgrade packages

apt-get update
        will update the internal database
apt-get upgrade 'dhcp*'
        will install corrected packages

PLD Linux 1.0 alias ra
- --------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/dhcp-3.0pl2-1.src.rpm
       MD5 checksum: 8db9b5e4458636760716abb3aebeea5c


  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/dhcp-3.0pl2-1.i386.rpm
       MD5 checksum: 10afe57c7a76846fd7ebdba9b1c28957

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/dhcp-client-3.0pl2-1.i386.rpm
       MD5 checksum: 07d1515ac8ade6534ca862e42f1f0946

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/dhcp-devel-3.0pl2-1.i386.rpm
       MD5 checksum: 746f73f3f929734f588717184737d1b0

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/dhcp-relay-3.0pl2-1.i386.rpm
       MD5 checksum: 0c770dc69e4f8be5f2ea54c88c9f3cd4


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/dhcp-3.0pl2-1.i586.rpm
       MD5 checksum: 5ca6a565e8c37a2e2a9f664557e42251

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/dhcp-client-3.0pl2-1.i586.rpm
       MD5 checksum: be6444f7511850428f158e5c82fbfca8

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/dhcp-devel-3.0pl2-1.i586.rpm
       MD5 checksum: 6b52f7b148fe219ac13768e2689884d2

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/dhcp-relay-3.0pl2-1.i586.rpm
       MD5 checksum: fc5a4f30b4a318dd25099f34af23a45d


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/dhcp-3.0pl2-1.i686.rpm
       MD5 checksum: 4d7704c2cd83092153b4ea0ef3129f25

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/dhcp-client-3.0pl2-1.i686.rpm
       MD5 checksum: 9c103ecfa0d11062d0c87f6634d44ff0

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/dhcp-devel-3.0pl2-1.i686.rpm
       MD5 checksum: 574fa0da99837267464df8d473e79bec

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/dhcp-relay-3.0pl2-1.i686.rpm
       MD5 checksum: f1a63a2b3345e49b9c1dd7b1be386e98


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/dhcp-3.0pl2-1.ppc.rpm
       MD5 checksum: d11491773d31789f849f620eec18bccf

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/dhcp-client-3.0pl2-1.ppc.rpm
       MD5 checksum: 2b812423fbf975ea17e53cb2272f98cc

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/dhcp-devel-3.0pl2-1.ppc.rpm
       MD5 checksum: 81a977172ba728dc76e7540da40c768a

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/dhcp-relay-3.0pl2-1.ppc.rpm
       MD5 checksum: b695b698607876dfdc124ad63e0c95e8


-
--------------------------------------------------------------------------------
-
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security

More information about the pld-security-announce mailing list