|Summary:||<net-misc/dhcp-3.1.1-r1 dhclient Stack-based buffer overflow (CVE-2009-0692)|
|Product:||Gentoo Security||Reporter:||Alex Legler (RETIRED) <a3li>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||blocker||CC:||axiator, chainsaw, robbat2|
|Package list:||Runtime testing required:||---|
Description Alex Legler (RETIRED) 2009-07-13 23:04:41 UTC
+++ This bug was initially created as a clone of Bug #275231 +++ ** Please note that this issue is confidential and no information should be disclosed until it is made public, see "Whiteboard" for a date ** ISC dhclient has a stack overflow vulnerability which makes it theoretically possible for a rogue DHCP server to execute arbitrary commands as root on the affected system through stack return subversion. ... Fix: Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1 There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those release trains have reached End-Of-Life. ... CVE: VU#410676, pre-assigned CVE# CVE-2009-0692
Comment 1 Alex Legler (RETIRED) 2009-07-14 17:33:42 UTC
This is now public as per $URL.
Comment 2 Alex Legler (RETIRED) 2009-07-14 18:20:18 UTC
Comment 3 Alex Legler (RETIRED) 2009-07-15 19:22:13 UTC
CVE-2009-0692 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0692): Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.