Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-803-2.NASL
HistoryJan 28, 2010 - 12:00 a.m.

Ubuntu 8.10 / 9.04 / 9.10 : dhcp3 vulnerability (USN-803-2)

2010-01-2800:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service.
Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem.

It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the ‘dhcp’ user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-803-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(44326);
  script_version("1.13");
  script_cvs_date("Date: 2019/01/02 16:37:56");

  script_cve_id("CVE-2009-0692");
  script_bugtraq_id(35668);
  script_xref(name:"USN", value:"803-2");

  script_name(english:"Ubuntu 8.10 / 9.04 / 9.10 : dhcp3 vulnerability (USN-803-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to
fix the vulnerability was not properly applied on Ubuntu 8.10 and
higher. Even with the patch improperly applied, the default compiler
options reduced the vulnerability to a denial of service.
Additionally, in Ubuntu 9.04 and higher, users were also protected by
the AppArmor dhclient3 profile. This update fixes the problem.

It was discovered that the DHCP client as included in dhcp3 did not
verify the length of certain option fields when processing a response
from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04
LTS connected to a malicious dhcp server, a remote attacker could
cause a denial of service or execute arbitrary code as the user
invoking the program, typically the 'dhcp' user. For users running
Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a
denial of service in the DHCP client. In Ubuntu 9.04, attackers would
also be isolated by the AppArmor dhclient3 profile.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/803-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp3-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp3-client-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp3-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp3-relay");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp3-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp3-server-ldap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.10 / 9.04 / 9.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.10", pkgname:"dhcp3-client", pkgver:"3.1.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dhcp3-client-udeb", pkgver:"3.1.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dhcp3-common", pkgver:"3.1.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dhcp3-dev", pkgver:"3.1.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dhcp3-relay", pkgver:"3.1.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dhcp3-server", pkgver:"3.1.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dhcp3-server-ldap", pkgver:"3.1.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dhcp-client", pkgver:"3.1.1-5ubuntu8.2")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dhcp3-client", pkgver:"3.1.1-5ubuntu8.2")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dhcp3-common", pkgver:"3.1.1-5ubuntu8.2")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dhcp3-dev", pkgver:"3.1.1-5ubuntu8.2")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dhcp3-relay", pkgver:"3.1.1-5ubuntu8.2")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dhcp3-server", pkgver:"3.1.1-5ubuntu8.2")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dhcp3-server-ldap", pkgver:"3.1.1-5ubuntu8.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"dhcp-client", pkgver:"3.1.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"dhcp3-client", pkgver:"3.1.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"dhcp3-common", pkgver:"3.1.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"dhcp3-dev", pkgver:"3.1.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"dhcp3-relay", pkgver:"3.1.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"dhcp3-server", pkgver:"3.1.2-1ubuntu7.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"dhcp3-server-ldap", pkgver:"3.1.2-1ubuntu7.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp-client / dhcp3-client / dhcp3-client-udeb / dhcp3-common / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxdhcp-clientp-cpe:/a:canonical:ubuntu_linux:dhcp-client
canonicalubuntu_linuxdhcp3-clientp-cpe:/a:canonical:ubuntu_linux:dhcp3-client
canonicalubuntu_linuxdhcp3-client-udebp-cpe:/a:canonical:ubuntu_linux:dhcp3-client-udeb
canonicalubuntu_linuxdhcp3-commonp-cpe:/a:canonical:ubuntu_linux:dhcp3-common
canonicalubuntu_linuxdhcp3-devp-cpe:/a:canonical:ubuntu_linux:dhcp3-dev
canonicalubuntu_linuxdhcp3-relayp-cpe:/a:canonical:ubuntu_linux:dhcp3-relay
canonicalubuntu_linuxdhcp3-serverp-cpe:/a:canonical:ubuntu_linux:dhcp3-server
canonicalubuntu_linuxdhcp3-server-ldapp-cpe:/a:canonical:ubuntu_linux:dhcp3-server-ldap
canonicalubuntu_linux8.10cpe:/o:canonical:ubuntu_linux:8.10
canonicalubuntu_linux9.04cpe:/o:canonical:ubuntu_linux:9.04
Rows per page:
1-10 of 111

Related

checkpoint_security 1
openvas 41
checkpoint_advisories 2
redhat 2
seebug 4
nessus 23
oraclelinux 2
cve 1
ubuntu 2
cert 1
packetstorm 1
prion 1
slackware 1
exploitpack 1
exploitdb 2
freebsd 1
gentoo 1
ubuntucve 1
threatpost 1
osv 2
fedora 3
securityvulns 4
debian 2
centos 1
suse 1
vmware 2
checkpoint_security
checkpoint_security
Check Point response to ISC DHCP dhclient buffer overflow vulnerability (CVE-2009-0692)
2009-07-14 21:00:00
openvas
openvas
FreeBSD Ports: isc-dhcp31-client
2009-07-29 00:00:00
Ubuntu Update for dhcp3 vulnerability USN-803-2
2010-01-29 00:00:00
Gentoo Security Advisory GLSA 200907-12 (dhcp)
2009-07-29 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC DHCP dhclient script_write_params Stack Buffer Overflow (CVE-2009-0692)
2010-02-03 00:00:00
Preemptive Protection against DHCP Stack Overflow in 'dhclient' script_write_params()
2009-07-17 00:00:00
redhat
redhat
(RHSA-2009:1136) Critical: dhcp security update
2009-07-14 00:00:00
(RHSA-2009:1154) Critical: dhcp security update
2009-07-14 00:00:00
seebug
seebug
ISC DHCP dhclient &lt; 3.1.2p1 Remote Buffer Overflow PoC
2009-07-28 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability
2014-07-01 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
nessus
nessus
openSUSE Security Update : dhcp (dhcp-1067)
2009-07-21 00:00:00
SuSE 10 Security Update : dhclient (ZYPP Patch Number 6335)
2009-09-24 00:00:00
openSUSE 10 Security Update : dhcp (dhcp-6336)
2009-10-06 00:00:00
oraclelinux
oraclelinux
dhcp security update
2009-07-14 00:00:00
dhcp security update
2009-07-14 00:00:00
cve
cve
CVE-2009-0692
2009-07-14 20:30:00
ubuntu
ubuntu
dhcp vulnerability
2009-07-14 00:00:00
Dhcp vulnerability
2010-01-27 00:00:00
cert
cert
ISC DHCP dhclient stack buffer overflow
2009-07-14 00:00:00
packetstorm
packetstorm
ISC DHCP dhclient Buffer Overflow
2009-07-28 00:00:00
prion
prion
Stack overflow
2009-07-14 20:30:00
slackware
slackware
dhcp
2009-07-14 17:34:59
exploitpack
exploitpack
ISC DHCP dhclient 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
exploitdb
exploitdb
ISC DHCP 'dhclient' 'script_write_params' - Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
ISC DHCP dhclient &lt; 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
freebsd
freebsd
isc-dhcp-client -- Stack overflow vulnerability
2009-07-14 00:00:00
gentoo
gentoo
ISC DHCP: dhcpclient Remote execution of arbitrary code
2009-07-14 00:00:00
ubuntucve
ubuntucve
CVE-2009-0692
2009-07-14 00:00:00
threatpost
threatpost
Critical RCE Bug Found Lurking in Avaya VoIP Phones
2019-08-08 20:00:50
osv
osv
dhcp3 - arbitrary code execution
2009-07-14 00:00:00
dhcp3 - arbitrary code execution
2009-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-4.fc11
2009-11-10 17:47:15
[SECURITY] Fedora 10 Update: dhcp-4.0.0-37.fc10
2009-08-25 22:12:17
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-6.fc11
2010-06-24 16:20:01
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-15 00:00:00
ISC DHCP client buffer overflow
2009-07-15 00:00:00
[security bulletin] HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service &#40;DoS&#41;, Remote Unauthorized Access
2010-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution
2009-08-25 19:57:28
[SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-14 19:33:29
centos
centos
dhclient, dhcp security update
2009-07-15 19:59:01
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
JSON
Related for UBUNTU_USN-803-2.NASL
checkpoint_security1openvas41checkpoint_advisories2redhat2seebug4nessus23oraclelinux2cve1ubuntu2cert1packetstorm1prion1slackware1exploitpack1exploitdb2freebsd1gentoo1ubuntucve1threatpost1osv2fedora3securityvulns4debian2centos1suse1vmware2