Re: [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
From: Celejar <celejar@gmail.com>
Date: Wed, 15 Jul 2009 16:38:12 -0400
Message-id: <[🔎] 20090715163812.c9e8b744.celejar@gmail.com>
In-reply-to: <87zlb7njp2.fsf@mid.deneb.enyo.de>
References: <87zlb7njp2.fsf@mid.deneb.enyo.de>

On Tue, 14 Jul 2009 21:33:29 +0200
Florian Weimer <fw@deneb.enyo.de> wrote:

...

> Several remote vulnerabilities have been discovered in ISC's DHCP
> implementation:
> 
> It was discovered that dhclient does not properly handle overlong
> subnet mask options, leading to a stack-based buffer overflow and
> possible arbitrary code execution.  (CVE-2009-0692)

...

> For the unstable distribution (sid), these problems will be fixed
> soon.
> 
> We recommend that you upgrade your dhcp3 packages.

Would it be a good idea to use something like udhcpc in the interim?

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to:

Prev by Date: Re: http://www.debian.org/security/ does not show dsa-1753-2
Next by Date: [SEC#LVW-YnCMb-005] [SECURITY] [DSA 1834-1] New apache2 packages fix denial of service
Previous by thread: Re: http://www.debian.org/security/ does not show dsa-1753-2
Next by thread: [SEC#LVW-YnCMb-005] [SECURITY] [DSA 1834-1] New apache2 packages fix denial of service
Index(es):
- Date
- Thread