Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20090714_DHCP_ON_SL3_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : dhcp on SL3.x, SL4.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP daemon’s init script (‘/etc/init.d/dhcpd’). A local attacker could use this flaw to overwrite an arbitrary file with the output of the ‘dhcpd
-t’ command via a symbolic link attack, if a system administrator executed the DHCP init script with the ‘configtest’, ‘restart’, or ‘reload’ option. (CVE-2009-1893)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60615);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-0692", "CVE-2009-1893");

  script_name(english:"Scientific Linux Security Update : dhcp on SL3.x, SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to
receive a malicious DHCP response, it could crash or execute arbitrary
code with the permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP
daemon's init script ('/etc/init.d/dhcpd'). A local attacker could use
this flaw to overwrite an arbitrary file with the output of the 'dhcpd
-t' command via a symbolic link attack, if a system administrator
executed the DHCP init script with the 'configtest', 'restart', or
'reload' option. (CVE-2009-1893)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=1009
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0b92fdf1"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected dhclient, dhcp and / or dhcp-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(59, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL3", reference:"dhclient-3.0.1-10.2_EL3")) flag++;
if (rpm_check(release:"SL3", reference:"dhcp-3.0.1-10.2_EL3")) flag++;
if (rpm_check(release:"SL3", reference:"dhcp-devel-3.0.1-10.2_EL3")) flag++;

if (rpm_check(release:"SL4", reference:"dhclient-3.0.1-65.el4_8.1")) flag++;
if (rpm_check(release:"SL4", reference:"dhcp-3.0.1-65.el4_8.1")) flag++;
if (rpm_check(release:"SL4", reference:"dhcp-devel-3.0.1-65.el4_8.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

openvas 40
nessus 23
redhat 2
centos 1
prion 2
cve 2
oraclelinux 2
exploitpack 1
ubuntu 2
checkpoint_advisories 2
seebug 4
cert 1
checkpoint_security 1
packetstorm 1
slackware 1
exploitdb 2
freebsd 1
gentoo 1
ubuntucve 1
fedora 3
threatpost 1
osv 2
securityvulns 4
debian 2
suse 1
vmware 2
openvas
openvas
CentOS Security Advisory CESA-2009:1154 (dhcp)
2009-07-29 00:00:00
CentOS Update for dhclient CESA-2009:1154 centos3 i386
2011-08-09 00:00:00
RedHat Security Advisory RHSA-2009:1154
2009-07-29 00:00:00
nessus
nessus
Oracle Linux 3 : dhcp (ELSA-2009-1154)
2013-07-12 00:00:00
CentOS 3 : dhcp (CESA-2009:1154)
2009-07-16 00:00:00
RHEL 3 : dhcp (RHSA-2009:1154)
2009-07-15 00:00:00
redhat
redhat
(RHSA-2009:1154) Critical: dhcp security update
2009-07-14 00:00:00
(RHSA-2009:1136) Critical: dhcp security update
2009-07-14 00:00:00
centos
centos
dhclient, dhcp security update
2009-07-15 19:59:01
prion
prion
Command injection
2009-07-17 16:30:00
Stack overflow
2009-07-14 20:30:00
cve
cve
CVE-2009-1893
2009-07-17 16:30:00
CVE-2009-0692
2009-07-14 20:30:00
oraclelinux
oraclelinux
dhcp security update
2009-07-14 00:00:00
dhcp security update
2009-07-14 00:00:00
exploitpack
exploitpack
ISC DHCP dhclient 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
ubuntu
ubuntu
Dhcp vulnerability
2010-01-27 00:00:00
dhcp vulnerability
2009-07-14 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC DHCP dhclient script_write_params Stack Buffer Overflow (CVE-2009-0692)
2010-02-03 00:00:00
Preemptive Protection against DHCP Stack Overflow in 'dhclient' script_write_params()
2009-07-17 00:00:00
seebug
seebug
ISC DHCP dhclient &lt; 3.1.2p1 Remote Buffer Overflow PoC
2009-07-28 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability
2014-07-01 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
cert
cert
ISC DHCP dhclient stack buffer overflow
2009-07-14 00:00:00
checkpoint_security
checkpoint_security
Check Point response to ISC DHCP dhclient buffer overflow vulnerability (CVE-2009-0692)
2009-07-14 21:00:00
packetstorm
packetstorm
ISC DHCP dhclient Buffer Overflow
2009-07-28 00:00:00
slackware
slackware
dhcp
2009-07-14 17:34:59
exploitdb
exploitdb
ISC DHCP 'dhclient' 'script_write_params' - Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
ISC DHCP dhclient &lt; 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
freebsd
freebsd
isc-dhcp-client -- Stack overflow vulnerability
2009-07-14 00:00:00
gentoo
gentoo
ISC DHCP: dhcpclient Remote execution of arbitrary code
2009-07-14 00:00:00
ubuntucve
ubuntucve
CVE-2009-0692
2009-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-4.fc11
2009-11-10 17:47:15
[SECURITY] Fedora 10 Update: dhcp-4.0.0-37.fc10
2009-08-25 22:12:17
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-6.fc11
2010-06-24 16:20:01
threatpost
threatpost
Critical RCE Bug Found Lurking in Avaya VoIP Phones
2019-08-08 20:00:50
osv
osv
dhcp3 - arbitrary code execution
2009-07-14 00:00:00
dhcp3 - arbitrary code execution
2009-07-14 00:00:00
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-15 00:00:00
ISC DHCP client buffer overflow
2009-07-15 00:00:00
[security bulletin] HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service &#40;DoS&#41;, Remote Unauthorized Access
2010-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution
2009-08-25 19:57:28
[SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-14 19:33:29
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
JSON
Related for SL_20090714_DHCP_ON_SL3_X.NASL
openvas40nessus23redhat2centos1prion2cve2oraclelinux2exploitpack1ubuntu2checkpoint_advisories2seebug4cert1checkpoint_security1packetstorm1slackware1exploitdb2freebsd1gentoo1ubuntucve1fedora3threatpost1osv2securityvulns4debian2suse1vmware2