Re: [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
On Tue, 14 Jul 2009 21:33:29 +0200
Florian Weimer <fw@deneb.enyo.de> wrote:
...
> Several remote vulnerabilities have been discovered in ISC's DHCP
> implementation:
>
> It was discovered that dhclient does not properly handle overlong
> subnet mask options, leading to a stack-based buffer overflow and
> possible arbitrary code execution. (CVE-2009-0692)
...
> For the unstable distribution (sid), these problems will be fixed
> soon.
>
> We recommend that you upgrade your dhcp3 packages.
Would it be a good idea to use something like udhcpc in the interim?
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: