Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2009-195-01
HistoryJul 14, 2009 - 5:34 p.m.

dhcp

2009-07-1417:34:59
Slackware Linux Project
www.slackware.com
27

0.076 Low

EPSS

Percentile

93.5%

JSON

New dhcp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, and -current to fix a security issue with dhclient.

Note that dhclient is not the default DHCP client in Slackware’s networking
scripts, dhcpcd is. However, if you use dhclient on a network where someone
could deploy a hostile DHCP server, you should upgrade to the new package.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692

Here are the details from the Slackware 12.2 ChangeLog:

patches/packages/dhcp-3.1.2p1-i486-1_slack12.2.tgz: Upgraded.
A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/dhcp-3.1.2p1-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/dhcp-3.1.2p1-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/dhcp-3.1.2p1-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/dhcp-3.1.2p1-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/dhcp-3.1.2p1-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/dhcp-3.1.2p1-i486-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/dhcp-3.1.2p1-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/dhcp-3.1.2p1-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/dhcp-3.1.2p1-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/dhcp-3.1.2p1-i486-1_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcp-3.1.2p1-i486-1.txz

Updated package for Slackware64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcp-3.1.2p1-x86_64-1.txz

MD5 signatures:

Slackware 8.1 package:
01143b6e39f09c606f962c79b6437598 dhcp-3.1.2p1-i386-1_slack8.1.tgz

Slackware 9.0 package:
93492796e78bc44e8ad92185ea65083b dhcp-3.1.2p1-i386-1_slack9.0.tgz

Slackware 9.1 package:
88c3c2242439b838f99c6e518db4a28e dhcp-3.1.2p1-i486-1_slack9.1.tgz

Slackware 10.0 package:
e0ebe048f8e655cd9cd0e2767b4da486 dhcp-3.1.2p1-i486-1_slack10.0.tgz

Slackware 10.1 package:
ac2ada2ca250bbd21872dd58b4775c77 dhcp-3.1.2p1-i486-1_slack10.1.tgz

Slackware 10.2 package:
33a95808d59b77e9fb83635478d5ea2f dhcp-3.1.2p1-i486-1_slack10.2.tgz

Slackware 11.0 package:
e02bb8e11adeecc44b0f5d38cb06bdf3 dhcp-3.1.2p1-i486-1_slack11.0.tgz

Slackware 12.0 package:
309a1a3140899da2d9bf8405cee04a30 dhcp-3.1.2p1-i486-1_slack12.0.tgz

Slackware 12.1 package:
99be31135ef2b815ae4ac7eb2705abcf dhcp-3.1.2p1-i486-1_slack12.1.tgz

Slackware 12.2 package:
967911d55d67c85ae4d61828c3e5859a dhcp-3.1.2p1-i486-1_slack12.2.tgz

Slackware -current package:
5b328e631b47e61433d347b1836e07d6 dhcp-3.1.2p1-i486-1.txz

Slackware64 -current package:
b4e120017ff3a0b4a21e7fd832c6216c dhcp-3.1.2p1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg dhcp-3.1.2p1-i486-1_slack12.2.tgz

Related

checkpoint_advisories 2
redhat 2
seebug 4
nessus 24
openvas 41
oraclelinux 2
cve 1
cert 1
ubuntu 2
checkpoint_security 1
exploitpack 1
packetstorm 1
prion 1
exploitdb 2
freebsd 1
gentoo 1
ubuntucve 1
threatpost 1
osv 2
fedora 3
securityvulns 4
debian 2
centos 1
suse 1
vmware 2
checkpoint_advisories
checkpoint_advisories
ISC DHCP dhclient script_write_params Stack Buffer Overflow (CVE-2009-0692)
2010-02-03 00:00:00
Preemptive Protection against DHCP Stack Overflow in 'dhclient' script_write_params()
2009-07-17 00:00:00
redhat
redhat
(RHSA-2009:1136) Critical: dhcp security update
2009-07-14 00:00:00
(RHSA-2009:1154) Critical: dhcp security update
2009-07-14 00:00:00
seebug
seebug
ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC
2009-07-28 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability
2014-07-01 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
nessus
nessus
openSUSE Security Update : dhcp (dhcp-1067)
2009-07-21 00:00:00
FreeBSD : isc-dhcp-client -- Stack overflow vulnerability (c444c8b7-7169-11de-9ab7-000c29a67389)
2009-07-16 00:00:00
Oracle Linux 4 : dhcp (ELSA-2009-1136)
2013-07-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200907-12 (dhcp)
2009-07-29 00:00:00
RedHat Security Advisory RHSA-2009:1136
2009-07-29 00:00:00
Slackware Advisory SSA:2009-195-01 dhcp
2012-09-11 00:00:00
oraclelinux
oraclelinux
dhcp security update
2009-07-14 00:00:00
dhcp security update
2009-07-14 00:00:00
cve
cve
CVE-2009-0692
2009-07-14 20:30:00
cert
cert
ISC DHCP dhclient stack buffer overflow
2009-07-14 00:00:00
ubuntu
ubuntu
dhcp vulnerability
2009-07-14 00:00:00
Dhcp vulnerability
2010-01-27 00:00:00
checkpoint_security
checkpoint_security
Check Point response to ISC DHCP dhclient buffer overflow vulnerability (CVE-2009-0692)
2009-07-14 21:00:00
exploitpack
exploitpack
ISC DHCP dhclient 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
packetstorm
packetstorm
ISC DHCP dhclient Buffer Overflow
2009-07-28 00:00:00
prion
prion
Stack overflow
2009-07-14 20:30:00
exploitdb
exploitdb
ISC DHCP 'dhclient' 'script_write_params' - Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
ISC DHCP dhclient < 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
freebsd
freebsd
isc-dhcp-client -- Stack overflow vulnerability
2009-07-14 00:00:00
gentoo
gentoo
ISC DHCP: dhcpclient Remote execution of arbitrary code
2009-07-14 00:00:00
ubuntucve
ubuntucve
CVE-2009-0692
2009-07-14 00:00:00
threatpost
threatpost
Critical RCE Bug Found Lurking in Avaya VoIP Phones
2019-08-08 20:00:50
osv
osv
dhcp3 - arbitrary code execution
2009-07-14 00:00:00
dhcp3 - arbitrary code execution
2009-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-4.fc11
2009-11-10 17:47:15
[SECURITY] Fedora 10 Update: dhcp-4.0.0-37.fc10
2009-08-25 22:12:17
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-6.fc11
2010-06-24 16:20:01
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-15 00:00:00
ISC DHCP client buffer overflow
2009-07-15 00:00:00
[security bulletin] HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access
2010-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution
2009-08-25 19:57:28
[SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-14 19:33:29
centos
centos
dhclient, dhcp security update
2009-07-15 19:59:01
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00

0.076 Low

EPSS

Percentile

93.5%

JSON
Related for SSA-2009-195-01
checkpoint_advisories2redhat2seebug4nessus24openvas41oraclelinux2cve1cert1ubuntu2checkpoint_security1exploitpack1packetstorm1prion1exploitdb2freebsd1gentoo1ubuntucve1threatpost1osv2fedora3securityvulns4debian2centos1suse1vmware2