Bug 227135 (CVE-2007-0062) - net-misc/dhcp <3.1.1 dhcp-max-message-size DoS (CVE-2007-0062)
Summary: net-misc/dhcp <3.1.1 dhcp-max-message-size DoS (CVE-2007-0062)
Status: RESOLVED FIXED
Alias: CVE-2007-0062
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://www.isc.org/index.pl?/sw/dhcp/
Whiteboard: A3 [glsa]
Reported: 2008-06-15 10:48 UTC by Davide Pesavento
Modified: 2008-08-07 12:58 UTC
Description Davide Pesavento gentoo-dev 2008-06-15 10:48:51 UTC
Just having 3.1.1 in portage should be enough.

The changelog mentions:
"Fixed a buffer overflow error which could have allowed a denial of service under unusual server configurations."
I don't know if this could be seen as a security bug...
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2008-06-15 15:05:44 UTC
Server DoS is security relevant I think.
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2008-06-15 15:23:26 UTC
Eh, assign...
Comment 3 Tomas Hoger 2008-06-16 15:39:28 UTC
Looks like an old VMware CVE-2007-0062.  Some more notes in:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062

HTH
Comment 4 Tony Vroon gentoo-dev 2008-06-27 10:12:46 UTC
Arches please test and mark stable 3.1.1 as it resolves a DoS through buffer overflow (allegedly can only be triggered under "unusual server configurations").
Comment 5 Tony Vroon gentoo-dev 2008-06-27 10:23:45 UTC
AMD64 done.
Comment 6 Brent Baude (RETIRED) gentoo-dev 2008-06-27 13:54:15 UTC
ppc and ppc64 done
Comment 7 Markus Meier gentoo-dev 2008-06-28 06:18:21 UTC
x86 stable
Comment 8 Tobias Klausmann gentoo-dev 2008-06-28 11:28:34 UTC
Stable on alpha.
Comment 9 Jeroen Roovers gentoo-dev 2008-06-28 16:04:39 UTC
Stable for HPPA.
Comment 10 Ricardo Mendoza (RETIRED) gentoo-dev 2008-06-29 07:51:28 UTC
mips doesn't stabilize
Comment 11 Friedrich Oslage (RETIRED) gentoo-dev 2008-06-29 10:12:17 UTC
sparc stable
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2008-08-07 12:58:51 UTC
GLSA 200808-05