-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: dhcp
Advisory ID: MDKSA-2004:061
Date: June 22nd, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A vulnerability in how ISC's DHCPD handles syslog messages can allow a
malicious attacker with the ability to send special packets to the
DHCPD listening port to crash the daemon, causing a Denial of Service.
It is also possible that they may be able to execute arbitrary code on
the vulnerable server with the permissions of the user running DHCPD,
which is usually root.
A similar vulnerability also exists in the way ISC's DHCPD makes use
of the vsnprintf() function on system that do not support vsnprintf().
This vulnerability could also be used to execute arbitrary code and/or
perform a DoS attack. The vsnprintf() statements that have this
problem are defined after the vulnerable code noted above, which would
trigger the previous problem rather than this one.
Thanks to Gregory Duchemin and Solar Designer for discovering these
flaws.
The updated packages contain 3.0.1rc14 which is not vulnerable to these
problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to
these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0461
http://www.kb.cert.org/vuls/id/317350
http://www.kb.cert.org/vuls/id/654390
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
574eac52ddcacf16291f6576a8d88f6a 10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.i586.rpm
daa97478495244b8c5d58702702dc0f1 10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.i586.rpm
734a616781e92b6458a8417eb14161ca 10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.i586.rpm
430beae5883163e375d998c081faf7da 10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.i586.rpm
6bbe45c7d34fd77200af87e680083476 10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.i586.rpm
0ba079c89ac39a926ad929eea0d039fc 10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
cd75604fcba80ce0bf21951a3ba73ff3 amd64/10.0/RPMS/dhcp-client-3.0-1.rc14.0.1.100mdk.amd64.rpm
68183a2721f0265deee61e518f2452c6 amd64/10.0/RPMS/dhcp-common-3.0-1.rc14.0.1.100mdk.amd64.rpm
47a4ea90cae82e3de6e3a27d92cef456 amd64/10.0/RPMS/dhcp-devel-3.0-1.rc14.0.1.100mdk.amd64.rpm
a3f9fc9203b91344471fb12cba5e6011 amd64/10.0/RPMS/dhcp-relay-3.0-1.rc14.0.1.100mdk.amd64.rpm
61a6a5e36b700bf1281c0009f85ed163 amd64/10.0/RPMS/dhcp-server-3.0-1.rc14.0.1.100mdk.amd64.rpm
0ba079c89ac39a926ad929eea0d039fc amd64/10.0/SRPMS/dhcp-3.0-1.rc14.0.1.100mdk.src.rpm
Mandrakelinux 9.2:
a612a277ca12c0849143d22dad13b975 9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.i586.rpm
ed71711e48503ea62da6b5b15d3cf0d5 9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.i586.rpm
bdc249338103e5a811b25f366f85d379 9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.i586.rpm
78b5b964a6f3e71903c97d933136d8e0 9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.i586.rpm
50433f11a2d1ee06fc4e8bd2a53d0952 9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.i586.rpm
4372c59939884d2f4717028f8751c123 9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
7d8a75f6e07ca949fcd0ae1b839829d6 amd64/9.2/RPMS/dhcp-client-3.0-1.rc14.0.1.92mdk.amd64.rpm
d1cf956a03cb711385038ade1fe96eb4 amd64/9.2/RPMS/dhcp-common-3.0-1.rc14.0.1.92mdk.amd64.rpm
8855a669ada369c6a543ae30de40afb6 amd64/9.2/RPMS/dhcp-devel-3.0-1.rc14.0.1.92mdk.amd64.rpm
ef663e3fcd1cc9e3bf4132265bbcbb3d amd64/9.2/RPMS/dhcp-relay-3.0-1.rc14.0.1.92mdk.amd64.rpm
df53ebb708b9ccf08c499be5d20e8eeb amd64/9.2/RPMS/dhcp-server-3.0-1.rc14.0.1.92mdk.amd64.rpm
4372c59939884d2f4717028f8751c123 amd64/9.2/SRPMS/dhcp-3.0-1.rc14.0.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFA2HwumqjQ0CJFipgRAk3oAJ9Ex/mmIrxQaoB80FgS2rT7jPca6ACg062R
L8CiWcSE98BQSvF5ZW13MXo=
=d5+I
-----END PGP SIGNATURE-----
