Vulnerability in dhclient - Check Your Vendor For Patches
Last Updated: 2009-07-22 20:26:01 UTC
by Chris Carboni (Version: 1)
US-Cert released VU#410676 which deals with a vulnerability in the ISC DHCP dhclient application.
"The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() method. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:
DHCP 4.1 (all versions)
DHCP 4.0 (all versions)
DHCP 3.1 (all versions)
DHCP 3.0 (all versions)
DHCP 2.0 (all versions)"
Red Hat (no version specified) and Ubuntu are known vulnerable.
More details are available at http://www.kb.cert.org/vuls/id/410676 , https://www.isc.org/node/468 and http://vrt-sourcefire.blogspot.com/2009/07/dont-read-this-post.html
Christopher Carboni - Handler On Duty