Metric | Value |
---|---|
CVSS2 Score | 10 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.076 Low |
EPSS Percentile | 93.5% |

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to receive a
malicious DHCP response, it could crash or execute arbitrary code with the
permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP daemon’s
init script (“/etc/init.d/dhcpd”). A local attacker could use this flaw to
overwrite an arbitrary file with the output of the “dhcpd -t” command via
a symbolic link attack, if a system administrator executed the DHCP init
script with the “configtest”, “restart”, or “reload” option.
(CVE-2009-1893)

Users of DHCP should upgrade to these updated packages, which contain
backported patches to correct these issues.
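
The temporary-file flaw class behind CVE-2009-1893, shown as an added example (not the contents of the real init script or of the vendor patch): a config test that writes to a fixed name in a shared directory, beside a version that uses `mktemp`. The file name `dhcpd.configtest`, the function names and the `config_check` stand-in for `dhcpd -t` are assumptions made for illustration, and everything runs inside a private scratch directory.

```shell
#!/bin/sh
# Added example; not the text of /etc/init.d/dhcpd. The file name
# "dhcpd.configtest" and all function names are hypothetical.

# Stand-in for "dhcpd -t" so the example runs without dhcpd installed.
config_check() { echo "constructed dhcpd -t output"; }

# Weak pattern: fixed, predictable name in a shared directory.
# The shell's ">" follows a symlink already present at that name.
configtest_weak() {        # $1 = temp directory (stands in for /tmp)
    out="$1/dhcpd.configtest"
    config_check > "$out" 2>&1
    rc=$?
    rm -f "$out"
    return $rc
}

# Hardened pattern: mktemp creates a new file exclusively (mode 0600)
# under an unpredictable name, so a pre-existing link is never opened.
configtest_hardened() {    # $1 = temp directory
    out=$(mktemp "$1/dhcpd.configtest.XXXXXX") || return 1
    config_check > "$out" 2>&1
    rc=$?
    rm -f "$out"
    return $rc
}

# Returns 0 if a file reachable through a link at the predictable name
# is unchanged after running function "$1", non-zero if it was overwritten.
victim_survives() {        # $1 = configtest_weak | configtest_hardened
    scratch=$(mktemp -d) || return 2
    printf 'important data\n' > "$scratch/victim"
    mkdir "$scratch/tmp"
    ln -s "$scratch/victim" "$scratch/tmp/dhcpd.configtest"
    "$1" "$scratch/tmp"
    content=$(cat "$scratch/victim")
    rm -rf "$scratch"
    [ "$content" = "important data" ]
}

for f in configtest_weak configtest_hardened; do
    if victim_survives "$f"; then echo "$f: target file untouched"
    else echo "$f: target file overwritten"; fi
done
```

Capturing the command output in a shell variable instead of a file removes the temporary file, and with it this class of flaw, entirely.
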
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | dhcp-devel | < 3.0.1-10.2_EL3 | dhcp-devel-3.0.1-10.2_EL3.ppc.rpm |
RedHat | any | ppc | dhcp | < 3.0.1-10.2_EL3 | dhcp-3.0.1-10.2_EL3.ppc.rpm |
RedHat | any | ppc | dhclient | < 3.0.1-10.2_EL3 | dhclient-3.0.1-10.2_EL3.ppc.rpm |