[Full-disclosure] rPSA-2009-0041-1 dhclient dhcp libdhcp4client
rPath Update Announcements
announce-noreply at rpath.com
Thu Mar 12 23:02:09 GMT 2009
rPath Security Advisory: 2009-0041-1
rPath Linux 1
rPath Linux 2
Exposure Level Classification:
Remote Root Deterministic Denial of Service
dhclient=conary.rpath.com@rpl:1/3.0.7-0.4-1
dhclient=conary.rpath.com@rpl:2/3.1.2-0.2-1
dhcp=conary.rpath.com@rpl:1/3.0.7-0.4-1
dhcp=conary.rpath.com@rpl:2/3.1.2-0.2-1
libdhcp4client=conary.rpath.com@rpl:2/3.1.2-0.2-1
rPath Issue Tracking System:
Previous versions of the ISC DHCP server were vulnerable to denial
of service or arbitrary code execution attacks via malformed DHCP
packets with a large dhcp-max-message-size that trigger a
stack-based buffer overflow.
Note that rPath Linux 2 is susceptible only to a Denial of Service
in this case, due to the stack protector feature enabled as part of
rPath Linux 2.
Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html