dhcp losing its syslog socket
David W. Hankins
David_Hankins at isc.org
Mon Aug 28 15:08:08 UTC 2006
On Sun, Aug 27, 2006 at 10:23:19PM -0500, John Hascall wrote:
> Has anyone else seen dhcpd (running 3.0.1rc13 here)
Changes since 3.0.1rc13
! CAN-2004-0460 - CERT VU#317350: Five stack overflow exploits were closed
in logging messages with excessively long hostnames provided by the
clients. It is highly probable that these could have been used by
attackers to gain arbitrary root access on systems using ISC DHCP 3.0.1
release candidates 12 or 13. Special thanks to Gregory Duchemin for
both finding and solving the problem.
! CAN-2004-0461 - CERT VU#654390: Once the above was closed, an opening
in log_*() functions was evidented, on some specific platforms where
vsnprintf() was not believed to be available and calls were wrapped to
sprintf() instead. Again, credit goes to Gregory Duchemin for finding
the problem. Calls to snprintf() are now linked to a distribution-local
snprintf implementation, only in those cases where the architecture is
not known to provide one (see includes/cf/[arch].h). If you experience
linking problems with snprintf/vsnprintf or 'isc_print_' functions, this
is where to look. This vulnerability did not exist in any previously
published version of ISC DHCP.
Upgrade to 3.0.4 minimally. I wouldn't mind more eyeballs on
3.0.5rc1, or better yet wait a few days and try 3.0.5rc2 when I
announce it soon.
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DDNS & DHCP. Email training at isc.org.
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
More information about the dhcp-users