Bug 277729 (CVE-2009-0692)

Summary:	<net-misc/dhcp-3.1.1-r1 dhclient Stack-based buffer overflow (CVE-2009-0692)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	blocker	CC:	axiator, chainsaw, robbat2
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.kb.cert.org/vuls/id/410676
Whiteboard:	A0 [glsa]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2009-07-13 23:04:41 UTC

+++ This bug was initially created as a clone of Bug #275231 +++

** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

ISC dhclient has a stack overflow vulnerability which makes it
theoretically possible for a rogue DHCP server to execute arbitrary
commands as root on the affected system through stack return
subversion.

...
Fix:
        Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1

        There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those
        release trains have reached End-Of-Life.
...
CVE:    VU#410676, pre-assigned CVE# CVE-2009-0692

Comment 1 Alex Legler (RETIRED) archtester

2009-07-14 17:33:42 UTC

This is now public as per $URL.

Comment 2 Alex Legler (RETIRED) archtester

2009-07-14 18:20:18 UTC

GLSA 200907-12

Comment 3 Alex Legler (RETIRED) archtester

2009-07-15 19:22:13 UTC

CVE-2009-0692 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0692):
  Stack-based buffer overflow in the script_write_params method in
  client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before
  4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers
  to execute arbitrary code via a crafted subnet-mask option.