Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 2645 - Format String Vulnerability in net-misc/dhcp (ISC DHCPD)
Summary: Format String Vulnerability in net-misc/dhcp (ISC DHCPD)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Ferry Meyndert (RETIRED)
URL: http://www.cert.org/advisories/CA-200...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-05-10 17:48 UTC by Michael Thompson
Modified: 2002-05-16 15:05 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
New ebuild for net-misc/dhcp. dhcp-3.0-r1.ebuild (dhcp-3.0-r1.ebuild,2.19 KB, text/plain)
2002-05-10 17:49 UTC, Michael Thompson 		Details
Patch. dhcp-3.0-gentoo.diff (dhcp-3.0-gentoo.diff,276 bytes, patch)
2002-05-10 17:50 UTC, Michael Thompson 		Details | Diff
Disgest. digest-dhcp-3.0-r1 (digest-dhcp-3.0-r1,60 bytes, application/octet-stream)
2002-05-10 17:52 UTC, Michael Thompson 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Thompson 2002-05-10 17:48:45 UTC 
Next Generation Security Technologies and CERT released an advisory for ISC DHCPD.  I've created 
a new ebuild that uses the patch created by Next Generation Security Technologies.

--- 
common/print.c      Wed Aug  8 09:49:20 2001
+++ common/print.c      Fri May 10 17:25:39 2002
@@ -1366,8 
+1366,8 @@
                *s++ = '.';
        *s++ = 0;
        if (errorp)
-               log_error (obuf);
+               log_error 
("%s",obuf);
        else
-               log_info (obuf);
+               log_info ("%s",obuf);
 }
 #endif /* NSUPDATE 
*/
Comment 1 Michael Thompson 2002-05-10 17:49:59 UTC 
Created attachment 938 [details]
New ebuild for net-misc/dhcp.  dhcp-3.0-r1.ebuild
Comment 2 Michael Thompson 2002-05-10 17:50:52 UTC 
Created attachment 939 [details, diff]
Patch.  dhcp-3.0-gentoo.diff
Comment 3 Michael Thompson 2002-05-10 17:52:03 UTC 
Created attachment 940 [details]
Disgest. digest-dhcp-3.0-r1
Comment 4 Michael Thompson 2002-05-10 17:55:24 UTC 
Supposed to be enhancement.  Sorry.
Comment 5 Sandy McArthur 2002-05-16 15:05:28 UTC 
I've commited an ebuild for this that uses the upstream release instead of patching.