
dhcp3 - arbitrary code execution

Description

Several remote vulnerabilities have been discovered in ISC's DHCP implementation:

* [CVE-2009-0692](https://security-tracker.debian.org/tracker/CVE-2009-0692) It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution.
* [CVE-2009-1892](https://security-tracker.debian.org/tracker/CVE-2009-1892) Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". This vulnerability only affects the lenny versions of dhcp3-server and dhcp3-server-ldap.

For the old stable distribution (etch), these problems have been fixed in version 3.0.4-13+etch2.

For the stable distribution (lenny), this problem has been fixed in version 3.1.1-6+lenny2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your dhcp3 packages.
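The class of bug behind CVE-2009-0692 is a length field taken from the network and trusted when copying into a fixed-size buffer. The following is an added example, not ISC's code or the Debian patch: a bounds-checked option walker that assumes the RFC 2132 code/length/value layout, in which the subnet mask is option 1 with a length of exactly 4. The function name, result codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD          0
#define OPT_SUBNET_MASK  1    /* RFC 2132: length is always 4 */
#define OPT_END          255

/* Result codes for this sketch (hypothetical names). */
enum { MASK_OK = 0, MASK_ABSENT = 1, MASK_MALFORMED = -1 };

/* Walk a DHCP options field (code, length, value triples) and copy the
 * subnet mask into a fixed 4-byte buffer. Each length is checked against
 * the remaining input and the destination size before any copy. */
int extract_subnet_mask(const uint8_t *opts, size_t opts_len, uint8_t mask[4])
{
    size_t i = 0;
    int found = 0;

    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= opts_len) return MASK_MALFORMED;      /* no length byte */
        uint8_t len = opts[i++];
        if (len > opts_len - i) return MASK_MALFORMED; /* value truncated */
        if (code == OPT_SUBNET_MASK) {
            if (len != 4) return MASK_MALFORMED;       /* overlong or short */
            memcpy(mask, &opts[i], 4);
            found = 1;
        }
        i += len;
    }
    return found ? MASK_OK : MASK_ABSENT;
}

/* Constructed sample option fields (not captured traffic). */
static const uint8_t good_opts[] = { 1, 4, 255, 255, 255, 0, 255 };
static const uint8_t long_opts[] = { 1, 8, 255, 255, 255, 0, 1, 2, 3, 4, 255 };

int main(void)
{
    uint8_t mask[4];
    printf("good: %d\n", extract_subnet_mask(good_opts, sizeof good_opts, mask));
    printf("overlong: %d\n", extract_subnet_mask(long_opts, sizeof long_opts, mask));
    return 0;
}
```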


Affected Software


CPE Name Name Version
dhcp3 3.1.1-6
dhcp3 3.1.1-6+lenny2
