SECURITY: ISC DHCP 'dhclient' stack overflow patch releases are now available!

David W. Hankins dhankins at isc.org
Tue Jul 14 17:37:04 UTC 2009


ISC DHCP 4.1.0p1, 4.0.1p1, and 3.1.2p1 are all now available for
download.

These releases are patch level releases, correcting a stack overflow
vulnerability in all versions of 'dhclient' when processing large
netmask options.  The vulnerability is recorded as CERT VU#410676,
and CVE-2009-0692.  For more information about this vulnerability,
please refer to the vulnerability notes as they become available;

    http://www.kb.cert.org/vuls/id/410676
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692

All ISC dhclient users are urged to upgrade.  'dhcpd' or 'dhcrelay'
users are not affected.

A list of the changes in these releases has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES files within the source
distributions, or on our website:

    http://oldwww.isc.org/sw/dhcp/dhcp4_1_rel.php?noframes=1
    http://oldwww.isc.org/sw/dhcp/dhcp4_0_rel.php?noframes=1
    http://oldwww.isc.org/sw/dhcp/dhcp_rel2.php?noframes=1

These releases, and their OpenPGP-signatures are available now from:

    ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz.sha1.asc

    ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.0.1p1.tar.gz.sha1.asc

    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz
    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-3.1.2p1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

    https://www.isc.org/about/openpgp


			Change since base release

! A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.

-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20090714/3de98d8f/attachment.bin>


More information about the dhcp-users mailing list