Gentoo Bug 227135 - net-misc/dhcp <3.1.1 dhcp-max-message-size DoS (CVE-2007-0062)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	227135
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Davide Pesavento <davidepesa@gmail.com>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 227135 depends on:			Show dependency tree
Bug 227135 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-06-15 10:48 0000

Just having 3.1.1 in portage should be enough.

The changelog mentions:
"Fixed a buffer overflow error which could have allowed a denial of service
under unusual server configurations."
I don't know if this could be seen as a security bug...

------- Comment #1 From Carsten Lohrke 2008-06-15 15:05:44 0000 -------

Server DoS is security relevant I think.

------- Comment #2 From Carsten Lohrke 2008-06-15 15:23:26 0000 -------

Eh, assign...

------- Comment #3 From Tomas Hoger 2008-06-16 15:39:28 0000 -------

Looks like an old VMWare CVE-2007-0062.  Some more notes in:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062

HTH

------- Comment #4 From Tony Vroon 2008-06-27 10:12:46 0000 -------

Arches please test and mark stable 3.1.1 as it resolves a DoS through buffer
overflow (alledgedly can only be triggered under "unusual server
configurations").

------- Comment #5 From Tony Vroon 2008-06-27 10:23:45 0000 -------

AMD64 done.

------- Comment #6 From Brent Baude 2008-06-27 13:54:15 0000 -------

ppc and ppc64 done

------- Comment #7 From Markus Meier 2008-06-28 06:18:21 0000 -------

x86 stable

------- Comment #8 From Tobias Klausmann 2008-06-28 11:28:34 0000 -------

Stable on alpha.

------- Comment #9 From Jeroen Roovers 2008-06-28 16:04:39 0000 -------

Stable for HPPA.

------- Comment #10 From Ricardo Mendoza 2008-06-29 07:51:28 0000 -------

mips doesn't stabilize

------- Comment #11 From Friedrich Oslage 2008-06-29 10:12:17 0000 -------

sparc stable

------- Comment #12 From Tobias Heinlein 2008-08-07 12:58:51 0000 -------

GLSA 200808-05

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 227135

net-misc/dhcp <3.1.1 dhcp-max-message-size DoS (CVE-2007-0062)

Last modified: 2008-08-07 12:58:51 0000