SECURITY: ISC DHCP 'dhclient' stack overflow patch releases are now available!
David W. Hankins
dhankins at isc.org
Tue Jul 14 17:37:04 UTC 2009
ISC DHCP 4.1.0p1, 4.0.1p1, and 3.1.2p1 are all now available for
download.
These releases are patch-level releases, correcting a stack overflow
vulnerability in all versions of 'dhclient' when processing large
subnet-mask options. The vulnerability is recorded as CERT VU#410676
and CVE-2009-0692. For more information about this vulnerability,
please refer to the vulnerability notes as they become available:
http://www.kb.cert.org/vuls/id/410676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
All ISC dhclient users are urged to upgrade. 'dhcpd' or 'dhcrelay'
users are not affected.
A list of the changes in these releases has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES files within the source
distributions, or on our website:
http://oldwww.isc.org/sw/dhcp/dhcp4_1_rel.php?noframes=1
http://oldwww.isc.org/sw/dhcp/dhcp4_0_rel.php?noframes=1
http://oldwww.isc.org/sw/dhcp/dhcp_rel2.php?noframes=1
These releases, and their OpenPGP signatures, are available now from:
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz.sha512.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz.sha1.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz.sha512.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz.sha1.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz.sha512.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz.sha1.asc
ISC's Release Signing Key can be obtained at:
https://www.isc.org/about/openpgp
Change since base release
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option.
--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.

"If you don't do it right the first time, you'll just have to do it again."
-- Jack T. Hankins
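The defect class behind this advisory is a copy whose length comes from the wire rather than from the destination buffer. The following is an added example written for this page; it is not dhclient's code and not ISC's fix. It assumes a 16-byte fixed-size address holder (struct iaddr with iabuf[16]) as a stand-in for whatever the client stores an address in, walks a DHCP option block as tag/length/value triples, and shows the unchecked copy beside a checked one. The hardened version also enforces the option's defined length, since RFC 2132 section 3.3 fixes the subnet mask option at exactly 4 bytes. The option blobs are constructed for the example, not captured traffic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Option codes from RFC 2132; the DHO_* naming is the usual DHCP convention. */
#define DHO_PAD         0
#define DHO_SUBNET_MASK 1
#define DHO_END         255

/* Fixed-size address holder. The 16-byte buffer is an assumption made for
 * this example, not a detail taken from the advisory. */
struct iaddr {
    unsigned int  len;
    unsigned char iabuf[16];
};

/* Walk a DHCP option block (tag, length, value) looking for `want`.
 * Returns 1 and sets *val/*vlen if found, 0 if absent, -1 if the block is
 * malformed (length byte missing, or a length running past the buffer). */
static int find_option(const uint8_t *opts, size_t optlen, uint8_t want,
                       const uint8_t **val, size_t *vlen)
{
    size_t i = 0, len;
    while (i < optlen) {
        uint8_t tag = opts[i++];
        if (tag == DHO_PAD)
            continue;                 /* single-byte option, no length */
        if (tag == DHO_END)
            break;
        if (i >= optlen)
            return -1;                /* tag present, length byte missing */
        len = opts[i++];
        if (len > optlen - i)
            return -1;                /* value would run past the packet */
        if (tag == want) {
            *val = opts + i;
            *vlen = len;
            return 1;
        }
        i += len;
    }
    return 0;
}

/* VULNERABLE pattern: the walker bounds the read, but the copy trusts the
 * server-supplied length. A "subnet mask" option can carry up to 255 bytes,
 * and memcpy writes all of them into the 16-byte iabuf; with the struct on
 * the caller's stack that is a stack overflow. Kept only for comparison;
 * never feed it untrusted input. */
int netmask_unchecked(const uint8_t *opts, size_t optlen, struct iaddr *out)
{
    const uint8_t *v;
    size_t vlen;
    int r = find_option(opts, optlen, DHO_SUBNET_MASK, &v, &vlen);
    if (r != 1)
        return r;
    memcpy(out->iabuf, v, vlen);      /* no check: vlen may exceed 16 */
    out->len = (unsigned int)vlen;
    return 1;
}

/* HARDENED: bound the copy by the destination, then by the option's defined
 * size. Anything other than 4 bytes is rejected rather than partly accepted. */
int netmask_checked(const uint8_t *opts, size_t optlen, struct iaddr *out)
{
    const uint8_t *v;
    size_t vlen;
    int r = find_option(opts, optlen, DHO_SUBNET_MASK, &v, &vlen);
    if (r != 1)
        return r;
    if (vlen > sizeof out->iabuf)     /* generic bound: never overrun iabuf */
        return -1;
    if (vlen != 4)                    /* RFC 2132 s3.3: an IPv4 mask is 4 bytes */
        return -1;
    memcpy(out->iabuf, v, vlen);
    out->len = (unsigned int)vlen;
    return 1;
}

/* Constructed sample option blocks (not captured traffic). */
const uint8_t GOOD_OPTS[] = { 53, 1, 2,               /* message type OFFER */
                              1, 4, 255, 255, 255, 0, /* mask 255.255.255.0 */
                              255 };
const uint8_t BAD_OPTS[] = {                          /* 40-byte "mask" */
    1, 40,
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A',
    255 };
const uint8_t TRUNC_OPTS[]  = { 1, 10, 255, 255 };    /* length past end */
const uint8_t NOMASK_OPTS[] = { 53, 1, 5, 255 };      /* ACK, no mask */

int main(void)
{
    struct iaddr a;
    memset(&a, 0, sizeof a);
    int r = netmask_checked(GOOD_OPTS, sizeof GOOD_OPTS, &a);
    printf("good  -> %d (len %u)\n", r, a.len);
    printf("bad   -> %d\n", netmask_checked(BAD_OPTS, sizeof BAD_OPTS, &a));
    printf("trunc -> %d\n", netmask_checked(TRUNC_OPTS, sizeof TRUNC_OPTS, &a));
    printf("none  -> %d\n", netmask_checked(NOMASK_OPTS, sizeof NOMASK_OPTS, &a));
    return 0;
}
```

The point of the two checks in netmask_checked is that they fail independently: the sizeof bound is what stops memory corruption even if a later edit relaxes the option-specific rule, and the length-4 rule is what stops a 2-byte or 12-byte mask from being silently accepted as an address.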