Lucene search

K
ubuntuUbuntuUSN-803-1
HistoryJul 14, 2009 - 12:00 a.m.

dhcp vulnerability

2009-07-1400:00:00
ubuntu.com
47

7.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

94.0%

Releases

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • dhcp3 -

Details

It was discovered that the DHCP client as included in dhcp3 did not verify
the length of certain option fields when processing a response from an IPv4
dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a
malicious dhcp server, a remote attacker could cause a denial of service or
execute arbitrary code as the user invoking the program, typically the
‘dhcp’ user. For users running Ubuntu 8.10 or 9.04, a remote attacker
should only be able to cause a denial of service in the DHCP client. In
Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3
profile.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchdhcp3-client< 3.1.1-5ubuntu8.1UNKNOWN
Ubuntu9.04noarchdhcp3-client< udeb-3.1.1-5ubuntu8.1UNKNOWN
Ubuntu9.04noarchdhcp3-common< 3.1.1-5ubuntu8.1UNKNOWN
Ubuntu9.04noarchdhcp3-dev< 3.1.1-5ubuntu8.1UNKNOWN
Ubuntu9.04noarchdhcp3-relay< 3.1.1-5ubuntu8.1UNKNOWN
Ubuntu9.04noarchdhcp3-server< 3.1.1-5ubuntu8.1UNKNOWN
Ubuntu9.04noarchdhcp3-server< ldap-3.1.1-5ubuntu8.1UNKNOWN
Ubuntu9.04noarchdhcp3-client-udeb< 3.1.1-5ubuntu8.1UNKNOWN
Ubuntu8.10noarchdhcp3-client< 3.1.1-1ubuntu2.1UNKNOWN
Ubuntu8.10noarchdhcp3-client< udeb-3.1.1-1ubuntu2.1UNKNOWN
Rows per page:
1-10 of 291

7.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

94.0%