7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
The patch used to correct the DHCP server buffer overflow in DSA-1388-1
was incomplete and did not adequately resolve the problem. This update
to the previous advisory makes updated packages based on a
newer version of the patch available.
For completeness, please find below the original advisory:
It was discovered that dhcp, a DHCP server for automatic IP address assignment,
didnโt correctly allocate space for network replies. This could potentially
allow a malicious DHCP client to execute arbitrary code upon the DHCP server.
For the stable distribution (etch), this problem has been fixed in
version 2.0pl5-19.5etch2.
For the unstable distribution (sid), this problem will be fixed shortly.
Updates to the old stable version (sarge) are pending.
We recommend that you upgrade your dhcp packages.
CPE | Name | Operator | Version |
---|---|---|---|
dhcp | eq | 2.0pl5-19.1 | |
dhcp | eq | 2.0pl5-19.1sarge2 |