logo
DATABASE RESOURCES PRICING ABOUT US

VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

Description

a. Service Console update for DHCP and third party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon's init script ("/etc/init.d/dhcpd"). A local attacker could use this flaw to overwrite an arbitrary file with the output of the "dhcpd -t" command via a symbolic link attack, if a system administrator executed the DHCP init script with the "configtest", "restart", or "reload" option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1893 to this issue. The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.


Related