Bug 277729 (CVE-2009-0692) - <net-misc/dhcp-3.1.1-r1 dhclient Stack-based buffer overflow (CVE-2009-0692)
Summary: <net-misc/dhcp-3.1.1-r1 dhclient Stack-based buffer overflow (CVE-2009-0692)
Alias: CVE-2009-0692
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High blocker
Assignee: Gentoo Security
Whiteboard: A0 [glsa]
Reported: 2009-07-13 23:04 UTC by Alex Legler (RETIRED)
Modified: 2009-07-15 19:22 UTC (History)
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-13 23:04:41 UTC
+++ This bug was initially created as a clone of Bug #275231 +++

** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

ISC dhclient has a stack overflow vulnerability which makes it
theoretically possible for a rogue DHCP server to execute arbitrary
commands as root on the affected system through stack return

        Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1

        There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those
        release trains have reached End-Of-Life.
CVE:    VU#410676, pre-assigned CVE# CVE-2009-0692
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-14 17:33:42 UTC
This is now public as per $URL.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-14 18:20:18 UTC
GLSA 200907-12
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-15 19:22:13 UTC
CVE-2009-0692 (
  Stack-based buffer overflow in the script_write_params method in
  client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before
  4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers
  to execute arbitrary code via a crafted subnet-mask option.
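
An added example, not part of this bug report and not ISC's code or patch: a length-validated read of the DHCP subnet-mask option into a fixed-size buffer, the check that prevents the overflow class named in the CVE text above. The helper name `get_subnet_mask` and the sample buffers are constructed for illustration; the option codes and the 4-byte mask length come from RFC 2132.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Option codes from RFC 2132; a subnet-mask value is exactly 4 bytes. */
enum { OPT_PAD = 0, OPT_SUBNET_MASK = 1, OPT_END = 255 };

/* Constructed sample option fields (not captured traffic). */
static const uint8_t sample_ok[]   = {1, 4, 255, 255, 255, 0, 255};
static const uint8_t sample_long[] = {1, 8, 255, 255, 255, 0, 65, 65, 65, 65, 255};

/* Hypothetical helper: walk a DHCP options field (code, length, value)
 * and copy the subnet mask into a fixed 4-byte buffer.
 * Returns 0 on success, -1 if the option is absent, -2 if an option is
 * truncated or the subnet mask is not exactly 4 bytes long. */
int get_subnet_mask(const uint8_t *opts, size_t opts_len, uint8_t mask[4])
{
    size_t i = 0;
    int found = 0;
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;   /* pad has no length byte */
        if (code == OPT_END) break;
        if (i >= opts_len)
            return -2;                   /* length byte missing */
        uint8_t len = opts[i++];
        if (len > opts_len - i)
            return -2;                   /* value runs past the field */
        if (code == OPT_SUBNET_MASK) {
            if (len != 4)
                return -2;               /* reject before touching mask[] */
            memcpy(mask, &opts[i], 4);   /* constant size, never the sender's len */
            found = 1;
        }
        i += len;
    }
    return found ? 0 : -1;
}

int main(void)
{
    uint8_t mask[4] = {0};
    printf("well-formed: %d\n", get_subnet_mask(sample_ok, sizeof sample_ok, mask));
    printf("oversized:   %d\n", get_subnet_mask(sample_long, sizeof sample_long, mask));
    return 0;
}
```
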