LinuxSecurity.com
Mandriva: [Security Announce] [ MDVSA-2009:154 ] dhcp
Posted by Benjamin D. Thomas
A vulnerability has been found and corrected in ISC DHCP: ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892). This update provides fixes for this vulnerability.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:154
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : July 19, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in ISC DHCP:
 
 ISC DHCP Server is vulnerable to a denial of service, caused by the
 improper handling of DHCP requests. If the host definitions are mixed
 using dhcp-client-identifier and hardware ethernet, a remote attacker
 could send specially-crafted DHCP requests to cause the server to
 stop responding (CVE-2009-1892).
 
 This update provides fixes for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892
 http://xforce.iss.net/xforce/xfdb/51717
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
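
The advisory ties the denial of service to host definitions that mix dhcp-client-identifier and hardware ethernet. The following is an added example, not part of the Mandriva advisory or of ISC DHCP: a small audit that lists which identifier each host declaration in a dhcpd.conf uses and reports whether the file mixes the two. It assumes "mixed" means both kinds appear anywhere among the host declarations, and it does not follow include files; the sample configuration and all function names are constructed for illustration.

```python
import re

# Constructed sample dhcpd.conf (not from the advisory): three host
# declarations that identify clients in different ways.
SAMPLE_CONF = """
subnet 192.0.2.0 netmask 255.255.255.0 { range 192.0.2.100 192.0.2.200; }
host printer {
    hardware ethernet 00:11:22:33:44:55;   # matched by MAC address
}
host kiosk {
    option dhcp-client-identifier "kiosk-01";   # matched by client id
}
# host retired { hardware ethernet 00:11:22:33:44:66; }
host laptop {
    hardware ethernet 00:11:22:33:44:77;
    option dhcp-client-identifier 01:00:11:22:33:44:77;
}
"""

HOST_RE = re.compile(r"\bhost\s+([^\s{]+)\s*\{([^{}]*)\}")
QUOTED_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*')

def strip_comments(text):
    """Drop '#' comments but keep quoted strings (a '#' may occur in one)."""
    return QUOTED_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def host_identifiers(conf_text):
    """Map each host declaration to the identifier kinds it uses."""
    hosts = {}
    for name, body in HOST_RE.findall(strip_comments(conf_text)):
        kinds = set()
        if re.search(r"\bhardware\s+ethernet\b", body):
            kinds.add("hardware ethernet")
        if re.search(r"\bdhcp-client-identifier\b", body):
            kinds.add("dhcp-client-identifier")
        hosts[name] = kinds
    return hosts

def is_mixed(hosts):
    """Assumed reading of 'mixed': both kinds occur somewhere in the host set."""
    used = set().union(*hosts.values())
    return used == {"hardware ethernet", "dhcp-client-identifier"}

if __name__ == "__main__":
    found = host_identifiers(SAMPLE_CONF)
    for name, kinds in sorted(found.items()):
        print(f"{name}: {', '.join(sorted(kinds)) or 'no identifier'}")
    print("mixed host definitions:", is_mixed(found))
```

A server whose configuration is reported as mixed is the one to prioritise for the updated dhcp-server package.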
  
 