Lucene search
SuseSUSE-SA:2009:037HistoryJul 15, 2009 - 4:27 p.m.
remote code execution in dhcp-client
2009-07-1516:27:03
lists.opensuse.org
24
0.282 Low
EPSS
Percentile
96.3%
The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field (CVE-2009-0692). In theory a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines using dhclient to obtain network settings. Newer distributions (SLES10+, openSUSE) do have buffer overflow checking that guards against this kind of stack overflow though. So actual exploitability is rather unlikely.
Solution
There is no known workaround, please install the update packages.
Related
openvas
openvas
SUSE: Security Advisory for dhcp-client (SUSE-SA:2009:037)
2009-07-29 00:00:00
SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client)
2009-07-29 00:00:00
SLES9: Security update for ruby
2009-10-10 00:00:00
nessus
nessus
SuSE 10 Security Update : ruby (ZYPP Patch Number 6338)
2011-01-27 00:00:00
SuSE9 Security Update : ruby (YOU Patch Number 12452)
2009-09-24 00:00:00
SuSE 11 Security Update : ruby (SAT Patch Number 1073)
2009-09-24 00:00:00
oraclelinux
oraclelinux
ruby security update
2008-10-21 00:00:00
ruby security update
2008-10-21 00:00:00
ruby security update
2009-07-02 00:00:00
debian
debian
[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities
2008-10-12 09:37:58
[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities
2008-10-12 09:36:52
[SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities
2009-06-25 19:08:42
osv
osv
ruby1.8 - several vulnerabilities
2008-10-12 00:00:00
ruby1.9 - several vulnerabilities
2008-10-12 00:00:00
samba - several vulnerabilities
2009-06-25 00:00:00
redhat
redhat
(RHSA-2008:0897) Moderate: ruby security update
2008-10-21 00:00:00
(RHSA-2008:0896) Moderate: ruby security update
2008-10-21 00:00:00
(RHSA-2008:0895) Moderate: ruby security update
2008-10-21 00:00:00
centos
centos
irb, ruby security update
2008-10-24 00:04:31
irb, ruby security update
2008-10-21 16:06:28
irb, ruby security update
2008-10-22 04:31:37
ubuntu
ubuntu
Ruby vulnerabilities
2008-10-10 00:00:00
Ruby vulnerability
2008-12-16 00:00:00
Ruby vulnerabilities
2009-07-20 00:00:00
freebsd
freebsd
ruby -- DoS vulnerability in WEBrick
2008-08-08 00:00:00
ruby -- multiple vulnerabilities in safe level
2008-08-08 00:00:00
ruby -- BigDecimal denial of service vulnerability
2009-06-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities
2009-06-26 00:00:00
Samba security vulnerabilities
2009-06-26 00:00:00
Ruby DoS
2009-06-29 00:00:00
seebug
seebug
Samba格式串和安全绕过漏洞
2009-06-25 00:00:00
Ruby BigDecimal库拒绝服务漏洞
2009-06-18 00:00:00
ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC
2009-07-28 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: ruby-1.8.6.287-2.fc9
2008-10-09 21:29:45
[SECURITY] Fedora 10 Update: ruby-1.8.6.368-2.fc10
2009-12-11 18:18:17
[SECURITY] Fedora 8 Update: ruby-1.8.6.287-2.fc8
2008-10-09 21:35:31
gentoo
gentoo
Ruby: Multiple vulnerabilities
2008-12-16 00:00:00
cve
cve
ubuntucve
ubuntucve
prion
prion
Code injection
2009-06-25 01:30:00
Privilege escalation
2008-08-27 20:41:00
Format string
2009-06-25 01:30:00
veracode
veracode
Unauthorized Access Control Modification
2020-04-10 00:39:56
samba
samba
Formatstring vulnerability in smbclient
2009-06-23 00:00:00
Uninitialized read of a data value
2009-06-23 00:00:00
debiancve
debiancve
CVE-2009-1886
2009-06-25 01:30:00
CVE-2009-1888
2009-06-25 01:30:00
checkpoint_advisories
checkpoint_advisories
ISC DHCP dhclient script_write_params Stack Buffer Overflow (CVE-2009-0692)
2010-02-03 00:00:00
cert
cert
ISC DHCP dhclient stack buffer overflow
2009-07-14 00:00:00
exploitpack
exploitpack
ISC DHCP dhclient 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00