The Dynamic Host Configuration Protocol (DHCP) server is used to configure clients that dynamically connect to a network (WLAN hotspots, customer networks, …). The CERT informed us about a buffer overflow in the logging code of the server that a malicious client can trigger by supplying multiple hostnames. The hostname strings are concatenated and copied into a fixed-size buffer without checking the buffer bounds. Other possible buffer overflow conditions exist where vsprintf() is used instead of vsnprintf(). This behavior can be configured at compile time. The dhcp/dhcp-server package shipped with SUSE LINUX used the vulnerable vsprintf() function.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | x86_64 | dhcp-server | < 3.0.1rc13-28.15 | dhcp-server-3.0.1rc13-28.15.x86_64.rpm |
openSUSE | 9.0 | i586 | dhcp-server | < 3.0.1rc12-71 | dhcp-server-3.0.1rc12-71.i586.rpm |
openSUSE | 9.0 | x86_64 | dhcp-server | < 3.0.1rc12-71 | dhcp-server-3.0.1rc12-71.x86_64.rpm |
openSUSE | 8.2 | i586 | dhcp-server | < 3.0.1rc10-61 | dhcp-server-3.0.1rc10-61.i586.rpm |
openSUSE | 8.1 | i586 | dhcp-server | < 3.0.1rc9-144 | dhcp-server-3.0.1rc9-144.i586.rpm |
openSUSE | 8.0 | i386 | dhcp-server | < 3.0.1rc6-22 | dhcp-server-3.0.1rc6-22.i386.rpm |
openSUSE | 9.1 | i586 | dhcp-server | < 3.0.1rc13-28.15 | dhcp-server-3.0.1rc13-28.15.i586.rpm |
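
The two flaws described above (unbounded hostname concatenation and vsprintf() logging) are shown here in bounded form. This is an added example, not the DHCP server's own code. The names `log_format` and `join_hostnames`, the 32-byte buffers and the sample hostnames are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded replacement for the unchecked vsprintf(buf, fmt, ap) pattern.
 * Hypothetical helper. Returns 0 if it fit, 1 if truncated, -1 on error. */
int log_format(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dstlen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstlen, fmt, ap);
    va_end(ap);
    return n < 0 ? -1 : (size_t)n >= dstlen;
}

/* Concatenate client-supplied hostname options (explicit lengths: DHCP
 * options are not NUL-terminated) without writing past dstlen.
 * Returns bytes stored; *truncated is set when input had to be dropped. */
size_t join_hostnames(char *dst, size_t dstlen, const char *const *names,
                      const size_t *lens, size_t count, int *truncated)
{
    size_t used = 0, i;
    *truncated = (dstlen == 0);
    if (dstlen == 0)
        return 0;
    for (i = 0; i < count; i++) {
        size_t room = dstlen - 1 - used; /* reserve one byte for NUL */
        size_t n = lens[i] > room ? room : lens[i];
        *truncated |= (n < lens[i]);
        memcpy(dst + used, names[i], n);
        used += n;
    }
    dst[used] = '\0';
    return used;
}

int main(void)
{
    const char *names[] = { "host-a.example", "host-b.example", "host-c.example" };
    size_t lens[] = { 14, 14, 14 }; /* constructed sample input */
    char joined[32], line[32];      /* constructed demo buffer size */
    int cut, rc;
    join_hostnames(joined, sizeof joined, names, lens, 3, &cut);
    rc = log_format(line, sizeof line, "DHCPREQUEST from %s", joined);
    printf("%s (hostnames cut=%d, log cut=%d)\n", line, cut, rc);
    return 0;
}
```

Both helpers report truncation to the caller, so a log pipeline can flag clients that send oversized or repeated hostname options instead of silently dropping the excess.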