Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2011:001 ] dhcp
From: security () mandriva com
Date: Fri, 07 Jan 2011 17:17:00 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:001
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : January 7, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in dhcp:
 
 ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover
 partnerships, allows remote attackers to cause a denial of service
 (communications-interrupted state and DHCP client service loss)
 by connecting to a port that is only intended for a failover peer,
 as demonstrated by a Nagios check_tcp process check to TCP port 520
 (CVE-2010-3616).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3616
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 352220b748d131938d7229d47d78b4be  2009.0/i586/dhcp-client-3.0.7-1.7mdv2009.0.i586.rpm
 d1ac99f1b505ae8c41ec98d8a90f40eb  2009.0/i586/dhcp-common-3.0.7-1.7mdv2009.0.i586.rpm
 becd002a9b173d9c36d851637343d053  2009.0/i586/dhcp-devel-3.0.7-1.7mdv2009.0.i586.rpm
 6276486dcfdbb62f74d3a742661a1f96  2009.0/i586/dhcp-doc-3.0.7-1.7mdv2009.0.i586.rpm
 a87cc9bc27dd4308b29a72aa44bd2cc4  2009.0/i586/dhcp-relay-3.0.7-1.7mdv2009.0.i586.rpm
 47c3b8ddba055a149e9c2a2ed8ddf1d4  2009.0/i586/dhcp-server-3.0.7-1.7mdv2009.0.i586.rpm 
 580a737a981bb37db6c221ddaad9b659  2009.0/SRPMS/dhcp-3.0.7-1.7mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 205d20102cc4ec6187de995814d29f26  2009.0/x86_64/dhcp-client-3.0.7-1.7mdv2009.0.x86_64.rpm
 1877723f76250e44bb064fd579bd9055  2009.0/x86_64/dhcp-common-3.0.7-1.7mdv2009.0.x86_64.rpm
 46a819a4c15aa3d7915eece8078bf54c  2009.0/x86_64/dhcp-devel-3.0.7-1.7mdv2009.0.x86_64.rpm
 5f34210fa0e66fee60ad81464fae2d49  2009.0/x86_64/dhcp-doc-3.0.7-1.7mdv2009.0.x86_64.rpm
 6d69a0a7419029e8fef5ecb15d94411d  2009.0/x86_64/dhcp-relay-3.0.7-1.7mdv2009.0.x86_64.rpm
 a2cc3945a870d110fdd3afc39343aedd  2009.0/x86_64/dhcp-server-3.0.7-1.7mdv2009.0.x86_64.rpm 
 580a737a981bb37db6c221ddaad9b659  2009.0/SRPMS/dhcp-3.0.7-1.7mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 7dca7b7091aeb1490d034b7406ca6568  2010.0/i586/dhcp-client-4.1.2-0.2mdv2010.0.i586.rpm
 d5d51ac715eb4f2d4ef28d0e84e47557  2010.0/i586/dhcp-common-4.1.2-0.2mdv2010.0.i586.rpm
 9b34710d1a5577e1734fc3f6d71641ab  2010.0/i586/dhcp-devel-4.1.2-0.2mdv2010.0.i586.rpm
 dee7786b4b9848d7ebad10711d96f0de  2010.0/i586/dhcp-doc-4.1.2-0.2mdv2010.0.i586.rpm
 afda5d9060e0653ce7bb41fa122fcf72  2010.0/i586/dhcp-relay-4.1.2-0.2mdv2010.0.i586.rpm
 3d8d959738fe477696e9d0cb0eb6571d  2010.0/i586/dhcp-server-4.1.2-0.2mdv2010.0.i586.rpm 
 b38f5840e56e5cd67e6595a913eeef15  2010.0/SRPMS/dhcp-4.1.2-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 8c9c26bf15bdab498a2b9eaab667fce1  2010.0/x86_64/dhcp-client-4.1.2-0.2mdv2010.0.x86_64.rpm
 e788ec071e8ba85e07ead2eb5f76799f  2010.0/x86_64/dhcp-common-4.1.2-0.2mdv2010.0.x86_64.rpm
 77112ba1f52adee40b41701ef8252f89  2010.0/x86_64/dhcp-devel-4.1.2-0.2mdv2010.0.x86_64.rpm
 7c558d5b37a9146725c806866bcd7273  2010.0/x86_64/dhcp-doc-4.1.2-0.2mdv2010.0.x86_64.rpm
 a90bd7525f31ceba3d8be408af5a2ab6  2010.0/x86_64/dhcp-relay-4.1.2-0.2mdv2010.0.x86_64.rpm
 07f9c64e4c5a2a0e92c8e24f0200c044  2010.0/x86_64/dhcp-server-4.1.2-0.2mdv2010.0.x86_64.rpm 
 b38f5840e56e5cd67e6595a913eeef15  2010.0/SRPMS/dhcp-4.1.2-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 6de8d296802f046fee8aff5f1741e76a  2010.1/i586/dhcp-client-4.1.2-0.2mdv2010.2.i586.rpm
 7734763fd15f882479227fba3b72ff53  2010.1/i586/dhcp-common-4.1.2-0.2mdv2010.2.i586.rpm
 8cbfbfd569d327a0baa157c808eeda64  2010.1/i586/dhcp-devel-4.1.2-0.2mdv2010.2.i586.rpm
 757ffeeca12cb8b2cc866cc57ef12c66  2010.1/i586/dhcp-doc-4.1.2-0.2mdv2010.2.i586.rpm
 f2866c7d32690b96cff9af0ce44cd7a6  2010.1/i586/dhcp-relay-4.1.2-0.2mdv2010.2.i586.rpm
 81da40e910c91c5bdc03a6fd855ecf82  2010.1/i586/dhcp-server-4.1.2-0.2mdv2010.2.i586.rpm 
 f6a907061ba9ad980e1b2feb861c2b38  2010.1/SRPMS/dhcp-4.1.2-0.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 58078be9d423c568a028cbbc73753d7d  2010.1/x86_64/dhcp-client-4.1.2-0.2mdv2010.2.x86_64.rpm
 415b86a4f35961d29df299172de85180  2010.1/x86_64/dhcp-common-4.1.2-0.2mdv2010.2.x86_64.rpm
 a6b8c3abeb54c2bb2529f72e79db1725  2010.1/x86_64/dhcp-devel-4.1.2-0.2mdv2010.2.x86_64.rpm
 0ee4a6c6d881fcbabf4f4a073a5cb3b1  2010.1/x86_64/dhcp-doc-4.1.2-0.2mdv2010.2.x86_64.rpm
 e0bd77c3d94ebe40309acbfcbb4c5ce8  2010.1/x86_64/dhcp-relay-4.1.2-0.2mdv2010.2.x86_64.rpm
 6bf19dbab153e587d79fdf23e4458968  2010.1/x86_64/dhcp-server-4.1.2-0.2mdv2010.2.x86_64.rpm 
 f6a907061ba9ad980e1b2feb861c2b38  2010.1/SRPMS/dhcp-4.1.2-0.2mdv2010.2.src.rpm

 Corporate 4.0:
 0759756055f4eeb33d9bc2bfe9cb6b6a  corporate/4.0/i586/dhcp-client-3.0.7-0.3.20060mlcs4.i586.rpm
 6db1ad43e4c45b5169e649254fec4643  corporate/4.0/i586/dhcp-common-3.0.7-0.3.20060mlcs4.i586.rpm
 24e06de7ed92c91cf6a4fb61990a4395  corporate/4.0/i586/dhcp-devel-3.0.7-0.3.20060mlcs4.i586.rpm
 5438ebf7987686f977ce6fa215291f0a  corporate/4.0/i586/dhcp-relay-3.0.7-0.3.20060mlcs4.i586.rpm
 f3eae776b918b21a0787aa4eca90bfb5  corporate/4.0/i586/dhcp-server-3.0.7-0.3.20060mlcs4.i586.rpm 
 0b78b88f121b8910389456327e4aed76  corporate/4.0/SRPMS/dhcp-3.0.7-0.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0c81a6a1e211458111d4de569dc3751c  corporate/4.0/x86_64/dhcp-client-3.0.7-0.3.20060mlcs4.x86_64.rpm
 99b8e557cbe451a5b48e765f9777fcce  corporate/4.0/x86_64/dhcp-common-3.0.7-0.3.20060mlcs4.x86_64.rpm
 c784d73a8594f4490b02f4f4bf9c3878  corporate/4.0/x86_64/dhcp-devel-3.0.7-0.3.20060mlcs4.x86_64.rpm
 b6e5739df340888d0f486c4bb704a6d5  corporate/4.0/x86_64/dhcp-relay-3.0.7-0.3.20060mlcs4.x86_64.rpm
 44b1091f9070185def5f1b505087aea2  corporate/4.0/x86_64/dhcp-server-3.0.7-0.3.20060mlcs4.x86_64.rpm 
 0b78b88f121b8910389456327e4aed76  corporate/4.0/SRPMS/dhcp-3.0.7-0.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 212002c0d99535d8d55d2019f9e60524  mes5/i586/dhcp-client-3.0.7-1.7mdvmes5.1.i586.rpm
 2e40e4182cc8f65739e83201083c59e7  mes5/i586/dhcp-common-3.0.7-1.7mdvmes5.1.i586.rpm
 ec1b13bebe71aa422695e2e8ea611141  mes5/i586/dhcp-devel-3.0.7-1.7mdvmes5.1.i586.rpm
 9e31acc697b7a3226e9242586217ccd6  mes5/i586/dhcp-doc-3.0.7-1.7mdvmes5.1.i586.rpm
 b91892afb53586e598ad1da61be401fb  mes5/i586/dhcp-relay-3.0.7-1.7mdvmes5.1.i586.rpm
 f90cea092aadd1ada7fbb6b7498f6e9f  mes5/i586/dhcp-server-3.0.7-1.7mdvmes5.1.i586.rpm 
 51d131c36f166d0c2db73468939d1db6  mes5/SRPMS/dhcp-3.0.7-1.7mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 1e08d43652114295fe73eae2d7039166  mes5/x86_64/dhcp-client-3.0.7-1.7mdvmes5.1.x86_64.rpm
 76b1963dd3cbbcc522ad721b38401e36  mes5/x86_64/dhcp-common-3.0.7-1.7mdvmes5.1.x86_64.rpm
 82c2719758d4f30a033f6f56745ad18c  mes5/x86_64/dhcp-devel-3.0.7-1.7mdvmes5.1.x86_64.rpm
 070db091fef95a1f7cd57739a6bec486  mes5/x86_64/dhcp-doc-3.0.7-1.7mdvmes5.1.x86_64.rpm
 688e65042922da02211e849cbc196f29  mes5/x86_64/dhcp-relay-3.0.7-1.7mdvmes5.1.x86_64.rpm
 894b1f07fee958e9988ece7f0bc09fd0  mes5/x86_64/dhcp-server-3.0.7-1.7mdvmes5.1.x86_64.rpm 
 51d131c36f166d0c2db73468939d1db6  mes5/SRPMS/dhcp-3.0.7-1.7mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNJwvmmqjQ0CJFipgRAlf9AJ4/ChDCuyQYP08zzVaTp8qwCDrrnACffhdq
tWsFRJ4JWWnGizO4/QwSBVQ=
=pbwi
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2011:001 ] dhcp security (Jan 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]