Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 277729 (CVE-2009-0692) - <net-misc/dhcp-3.1.1-r1 dhclient Stack-based buffer overflow (CVE-2009-0692)
Summary: <net-misc/dhcp-3.1.1-r1 dhclient Stack-based buffer overflow (CVE-2009-0692)
Status: RESOLVED FIXED
Alias: CVE-2009-0692
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High blocker (vote)
Assignee: Gentoo Security
URL: http://www.kb.cert.org/vuls/id/410676
Whiteboard: A0 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-07-13 23:04 UTC by Alex Legler (RETIRED)
Modified: 2009-07-15 19:22 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-13 23:04:41 UTC
+++ This bug was initially created as a clone of Bug #275231 +++

** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

ISC dhclient has a stack overflow vulnerability which makes it
theoretically possible for a rogue DHCP server to execute arbitrary
commands as root on the affected system through stack return
subversion.

...
Fix:
        Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1

        There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those
        release trains have reached End-Of-Life.
...
CVE:    VU#410676, pre-assigned CVE# CVE-2009-0692
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-14 17:33:42 UTC
This is now public as per $URL.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-14 18:20:18 UTC
GLSA 200907-12
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-15 19:22:13 UTC
CVE-2009-0692 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0692):
  Stack-based buffer overflow in the script_write_params method in
  client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before
  4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers
  to execute arbitrary code via a crafted subnet-mask option.