Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2002-028.0] Linux: dhcpd dynamic DNS format string vulnerability
From: security () caldera com
Date: Wed, 19 Jun 2002 14:43:59 -0700

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com


______________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: dhcpd dynamic DNS format string vulnerability
Advisory number:        CSSA-2002-028.0
Issue date:             2002 June 19
Cross reference:
______________________________________________________________________________


1. Problem Description

        A remote exploitable format string vulnerability was found in
        the logging routines of the dynamic DNS code of dhcpd. This
        vulnerability can allow an attacker to get root access to the
        host running dhcpd.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to dhcp-3.0b2pl9-11.i386.rpm
                                        prior to dhcp-server-3.0b2pl9-11.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to dhcp-3.0b2pl9-11.i386.rpm

        OpenLinux 3.1 Server            prior to dhcp-3.0b2pl9-11.i386.rpm
                                        prior to dhcp-server-3.0b2pl9-11.i386.rpm

        OpenLinux 3.1 Workstation       prior to dhcp-3.0b2pl9-11.i386.rpm


3. Solution

        The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

        4.2 Packages

        09faf40bb1b20919080b3a3ed36d8081        dhcp-3.0b2pl9-11.i386.rpm
        55c93437d6573cb8132a16ccd2c6c69e        dhcp-server-3.0b2pl9-11.i386.rpm

        4.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm
        rpm -Fvh dhcp-server-3.0b2pl9-11.i386.rpm

        4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

        4.5 Source Packages

        d767e875975fcc76c912f9e41e4d83cf        dhcp-3.0b2pl9-11.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

        5.2 Packages

        b28af5a9d9aff4f79b683a3187d09545        dhcp-3.0b2pl9-11.i386.rpm

        5.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm

        5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

        5.5 Source Packages

        9a2f6bf27b28c5033353caceb1540979        dhcp-3.0b2pl9-11.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

        6.2 Packages

        732ba73b4108dd30d5bd3704ad8e47be        dhcp-3.0b2pl9-11.i386.rpm
        d2591a5b6021b2512603963e8f48c422        dhcp-server-3.0b2pl9-11.i386.rpm

        6.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm
        rpm -Fvh dhcp-server-3.0b2pl9-11.i386.rpm

        6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

        6.5 Source Packages

        d8fd6b2a37fc3315fef9c873cea1172e        dhcp-3.0b2pl9-11.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

        7.2 Packages

        d60a246831ce062e2b4228b2d6946c7b        dhcp-3.0b2pl9-11.i386.rpm

        7.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm

        7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

        7.5 Source Packages

        7c1642355347a47278dbd1afd6d3d44f        dhcp-3.0b2pl9-11.src.rpm


8. References

        Specific references for this advisory:
                http://www.cert.org/advisories/CA-2002-12.html 

        Caldera security resources:
                http://www.caldera.com/support/security/index.html

        This security fix closes Caldera incidents sr864837, fz521045,
        erg712050.


9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


10. Acknowledgements

        This vulnerability was dicovered and researched by Next Generation
        Security Technologies.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-028.0] Linux: dhcpd dynamic DNS format string vulnerability security (Jun 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault