
dhclient, dhcp security update

Description

**CentOS Errata and Security Advisory** CESA-2009:1154

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.

The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP daemon's init script ("/etc/init.d/dhcpd"). A local attacker could use this flaw to overwrite an arbitrary file with the output of the "dhcpd -t" command via a symbolic link attack, if a system administrator executed the DHCP init script with the "configtest", "restart", or "reload" option. (CVE-2009-1893)

Users of DHCP should upgrade to these updated packages, which contain backported patches to correct these issues.

**Merged security bulletin from advisories:**

- https://lists.centos.org/pipermail/centos-announce/2009-July/052953.html
- https://lists.centos.org/pipermail/centos-announce/2009-July/052954.html

**Affected packages:** dhclient, dhcp, dhcp-devel

**Upstream details at:** https://access.redhat.com/errata/RHSA-2009:1154


Affected Package


| OS | OS Version | Package Name | Package Version |
|----|------------|--------------|-----------------|
| CentOS | 3 | dhclient | 3.0.1-10.2_EL3 |
| CentOS | 3 | dhcp | 3.0.1-10.2_EL3 |
| CentOS | 3 | dhcp-devel | 3.0.1-10.2_EL3 |
