
Bug 277729 (CVE-2009-0692)

Summary: <net-misc/dhcp-3.1.1-r1 dhclient Stack-based buffer overflow (CVE-2009-0692)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: blocker
CC: axiator, chainsaw, robbat2
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.kb.cert.org/vuls/id/410676
Whiteboard: A0 [glsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-13 23:04:41 UTC
+++ This bug was initially created as a clone of Bug #275231 +++

** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

ISC dhclient has a stack overflow vulnerability which makes it
theoretically possible for a rogue DHCP server to execute arbitrary
commands as root on the affected system through stack return
subversion.

...
Fix:
        Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1

        There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those
        release trains have reached End-Of-Life.
...
CVE:    VU#410676, pre-assigned CVE# CVE-2009-0692
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-14 17:33:42 UTC
This is now public as per $URL.
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-14 18:20:18 UTC
GLSA 200907-12
Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-07-15 19:22:13 UTC
CVE-2009-0692 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0692):
  Stack-based buffer overflow in the script_write_params method in
  client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before
  4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers
  to execute arbitrary code via a crafted subnet-mask option.
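
Added example, not part of the bug report and not ISC's code: a defensive parser for the subnet-mask option named in the CVE text. RFC 2132 fixes that option (code 1) at 4 bytes, so a client copying it into a fixed 4-byte buffer should reject any other length before the copy. The function name `get_subnet_mask`, the return codes and the sample option bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHO_PAD          0
#define DHO_SUBNET_MASK  1    /* RFC 2132 section 3.3: length is always 4 */
#define DHO_END          255

/* Walk a DHCP options field (the bytes after the magic cookie) and copy the
 * subnet mask into a fixed 4-byte buffer.
 * Returns 0 on success, 1 if no mask option is present, and -1 if the
 * options are malformed or the mask option has the wrong length. */
int get_subnet_mask(const uint8_t *opts, size_t n, uint8_t mask[4])
{
    size_t i = 0;
    while (i < n) {
        uint8_t code = opts[i++];
        if (code == DHO_PAD) continue;      /* pad has no length byte */
        if (code == DHO_END) break;
        if (i >= n) return -1;              /* length byte missing */
        uint8_t len = opts[i++];
        if (len > n - i) return -1;         /* value runs past the buffer */
        if (code == DHO_SUBNET_MASK) {
            if (len != 4) return -1;        /* reject before any copy */
            memcpy(mask, opts + i, 4);      /* copy size is the constant 4 */
            return 0;
        }
        i += len;                           /* skip options we do not need */
    }
    return 1;
}

/* Constructed sample inputs (option 53 = message type, value 5 = ACK). */
static const uint8_t good_opts[] = {53, 1, 5, 1, 4, 255, 255, 255, 0, 255};
static const uint8_t long_mask[] = {53, 1, 5, 1, 8, 255, 255, 255, 0,
                                    0, 0, 0, 0, 255};
static const uint8_t truncated[] = {1, 4, 255, 255};

int main(void)
{
    uint8_t m[4] = {0};
    printf("good:      %d\n", get_subnet_mask(good_opts, sizeof good_opts, m));
    printf("long mask: %d\n", get_subnet_mask(long_mask, sizeof long_mask, m));
    printf("truncated: %d\n", get_subnet_mask(truncated, sizeof truncated, m));
    return 0;
}
```
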