Bug 2645

Summary: Format String Vulnerability in net-misc/dhcp (ISC DHCPD)
Product: Gentoo Linux
Reporter: Michael Thompson <psionix>
Component: New packages
Assignee: Ferry Meyndert (RETIRED) <m0rpheus>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: High    
Version: 1.1a   
Hardware: All   
OS: Linux   
URL: http://www.cert.org/advisories/CA-2002-12.html
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: New ebuild for net-misc/dhcp. dhcp-3.0-r1.ebuild
Patch. dhcp-3.0-gentoo.diff
Digest. digest-dhcp-3.0-r1

Description Michael Thompson 2002-05-10 17:48:45 UTC
Next Generation Security Technologies and CERT released an advisory for ISC DHCPD. I've created a new ebuild that uses the patch created by Next Generation Security Technologies.

--- 
common/print.c      Wed Aug  8 09:49:20 2001
+++ common/print.c      Fri May 10 17:25:39 2002
@@ -1366,8 
+1366,8 @@
                *s++ = '.';
        *s++ = 0;
        if (errorp)
-               log_error (obuf);
+               log_error 
("%s",obuf);
        else
-               log_info (obuf);
+               log_info ("%s",obuf);
 }
 #endif /* NSUPDATE 
*/
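Review bot: Check the other `log_error`/`log_info` callers for the same pattern before treating this as complete, because the hunk converts only the two calls in the `if (errorp)` / `else` branch. `obuf` is assembled at runtime just above (`*s++ = '.';`), so any other call that passes a runtime-built buffer as the first argument still has that buffer interpreted as a format string. Declaring the two log functions with a printf-style format attribute would let the compiler flag such calls when built with format warnings enabled. Minor style point on the added lines: the surrounding code puts a space after commas, so `log_error ("%s", obuf);` and `log_info ("%s", obuf);` would match it.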
Comment 1 Michael Thompson 2002-05-10 17:49:59 UTC
Created attachment 938 [details]
New ebuild for net-misc/dhcp.  dhcp-3.0-r1.ebuild
Comment 2 Michael Thompson 2002-05-10 17:50:52 UTC
Created attachment 939 [details, diff]
Patch.  dhcp-3.0-gentoo.diff
Comment 3 Michael Thompson 2002-05-10 17:52:03 UTC
Created attachment 940 [details]
Digest. digest-dhcp-3.0-r1
Comment 4 Michael Thompson 2002-05-10 17:55:24 UTC
Supposed to be enhancement.  Sorry.
Comment 5 Sandy McArthur 2002-05-16 15:05:28 UTC
I've committed an ebuild for this that uses the upstream release instead of patching.