Debian: dhcp remote root exploit
Posted by LinuxSecurity.com Team   
Debian The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2 (potato) are vulnerable to a root exploit.
-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
http://www.debian.org/security/                            Michael Stone
June 27, 2000
- ------------------------------------------------------------------------

Package: dhcp-client-beta (dhcp-client)
Vulnerability type: remote root exploit
Debian-specific: no

The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2
(potato) are vulnerable to a root exploit. The OpenBSD team reports that the
client inappropriately executes commands embedded in replies sent from a dhcp
server. This means that a malicious dhcp server can execute commands on the
client with root privilages. 

The reported vulnerability is fixed in the package dhcp-client-beta
2.0b1pl6-0.3 for the current stable release (debian 2.1) and in dhcp-client
2.0-3potato1 for the frozen pre-release (debian 2.2). The dhcp server and relay
agents are built from the same source as the client; however, the server and
relay agents are not vulnerable to this issue and do not need to be upgraded.
We recommend upgrading your dhcp-client-beta and dhcp-client immediately.


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel ia32, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/dhcp-beta_2.0b1pl6-0.3.diff.gz
      MD5 checksum: 90e5a3d2e299aad278b10186b02c1d7b
    http://security.debian.org/dists/stable/updates/source/dhcp-beta_2.0b1pl6-0.3.dsc
      MD5 checksum: 9d15d1043a092b103fdbac2827470d5b
    http://security.debian.org/dists/stable/updates/source/dhcp-beta_2.0b1pl6.orig.tar.gz
      MD5 checksum: 2b63a90b272f087afb24c8f4ca72d3bd

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/dhcp-beta_2.0b1pl6-0.3_alpha.deb
      MD5 checksum: 668d2f48562297d8e5e4d30ac2f81914
    http://security.debian.org/dists/stable/updates/binary-alpha/dhcp-client-beta_2.0b1pl6-0.3_alpha.deb
      MD5 checksum: c3966535396dc550408eb8f0544fab34
    http://security.debian.org/dists/stable/updates/binary-alpha/dhcp-relay-beta_2.0b1pl6-0.3_alpha.deb
      MD5 checksum: ba634900487c740efc262b323dc97d98

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/dhcp-beta_2.0b1pl6-0.3_i386.deb
      MD5 checksum: e499e80e9906c7e412df40a75a16ece4
    http://security.debian.org/dists/stable/updates/binary-i386/dhcp-client-beta_2.0b1pl6-0.3_i386.deb
      MD5 checksum: c139d79a9f4a19e12c36108897b8335c
    http://security.debian.org/dists/stable/updates/binary-i386/dhcp-relay-beta_2.0b1pl6-0.3_i386.deb
      MD5 checksum: 0040eba75e437b961070218e7c8c2949

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/dhcp-beta_2.0b1pl6-0.3_m68k.deb
      MD5 checksum: 4027b4da37034c63612678c16743864e
    http://security.debian.org/dists/stable/updates/binary-m68k/dhcp-client-beta_2.0b1pl6-0.3_m68k.deb
      MD5 checksum: 4b6ef60ff3b93ffa8d4ebe03d5dac4db
    http://security.debian.org/dists/stable/updates/binary-m68k/dhcp-relay-beta_2.0b1pl6-0.3_m68k.deb
      MD5 checksum: 232876b42a696989e6a3aff2214596ac

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-sparc/dhcp-beta_2.0b1pl6-0.3_sparc.deb
      MD5 checksum: 68f64e910a56e229bf06ab7f4bbae58d
    http://security.debian.org/dists/stable/updates/binary-sparc/dhcp-client-beta_2.0b1pl6-0.3_sparc.deb
      MD5 checksum: 1aec24648990145058166416e08c3648
    http://security.debian.org/dists/stable/updates/binary-sparc/dhcp-relay-beta_2.0b1pl6-0.3_sparc.deb
      MD5 checksum: c5af416bb6c447ea9fb531cf8b3ddddd

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Please note that potato has not been released yet. However since it is in
  the final stages of the release process security updates are already being
  distributed.

  Source archives:
    http://security.debian.org/dists/potato/updates/main/source/dhcp_2.0-3potato1.diff.gz
      MD5 checksum: 40d365a28b6278cdeea7208ca06b1bde
    http://security.debian.org/dists/potato/updates/main/source/dhcp_2.0-3potato1.dsc
      MD5 checksum: 31a4060c49ef699ddfb2d431450a8993
    http://security.debian.org/dists/potato/updates/main/source/dhcp_2.0.orig.tar.gz
      MD5 checksum: eff5d5359a50f878e4c0da082bf10475

  Alpha architecture:
    http://security.debian.org/dists/potato/updates/main/binary-alpha/dhcp-client_2.0-3potato1_alpha.deb
      MD5 checksum: b4d9ca359de9bdcffaad04ff9683b262
    http://security.debian.org/dists/potato/updates/main/binary-alpha/dhcp-relay_2.0-3potato1_alpha.deb
      MD5 checksum: 1c790b774617f1434c1be8215090c3e9
    http://security.debian.org/dists/potato/updates/main/binary-alpha/dhcp_2.0-3potato1_alpha.deb
      MD5 checksum: 4d67ac7c8dabbe24df698ab322862480

  ARM architecture:
    http://security.debian.org/dists/potato/updates/main/binary-arm/dhcp-client_2.0-3potato1_arm.deb
      MD5 checksum: 5bf5b55723279bd632b93368ed2bcfcb
    http://security.debian.org/dists/potato/updates/main/binary-arm/dhcp-relay_2.0-3potato1_arm.deb
      MD5 checksum: a50aef6eeca2f268bb824b6a46375d0c
    http://security.debian.org/dists/potato/updates/main/binary-arm/dhcp_2.0-3potato1_arm.deb
      MD5 checksum: 1a01cbd7073e45aee598377645a752bf
    http://security.debian.org/dists/potato/updates/main/binary-arm/wu-ftpd_2.6.0-5.1_arm.deb
      MD5 checksum: 9faeaec3a831510179c4e3a6ea50ff52

  Intel ia32 architecture:
    http://security.debian.org/dists/potato/updates/main/binary-i386/dhcp-client_2.0-3potato1_i386.deb
      MD5 checksum: 73c893f4c87c20a48607fda52d34d7da
    http://security.debian.org/dists/potato/updates/main/binary-i386/dhcp-relay_2.0-3potato1_i386.deb
      MD5 checksum: b18ca08c0e0c3ceed171c08c881730c3
    http://security.debian.org/dists/potato/updates/main/binary-i386/dhcp_2.0-3potato1_i386.deb
      MD5 checksum: da3735ce715897893c88cfb7539749bf

  Motorola 680x0 architecture:
    http://security.debian.org/dists/potato/updates/main/binary-m68k/dhcp-client_2.0-3potato1_m68k.deb
      MD5 checksum: 7893850b9ed93ae41014dcba451530c3
    http://security.debian.org/dists/potato/updates/main/binary-m68k/dhcp-relay_2.0-3potato1_m68k.deb
      MD5 checksum: 64a03a6a18de8c3f51737dbdea674271
    http://security.debian.org/dists/potato/updates/main/binary-m68k/dhcp_2.0-3potato1_m68k.deb
      MD5 checksum: 4006f5fbe178e3e008d03a9b945880db

  PowerPC architecture:
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/dhcp-client_2.0-3potato1_powerpc.deb
      MD5 checksum: f24bde7e97de3241ba3684cc027a5854
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/dhcp-relay_2.0-3potato1_powerpc.deb
      MD5 checksum: 5ad85017bae30f087c353653352f64f0
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/dhcp_2.0-3potato1_powerpc.deb
      MD5 checksum: e15b22f787231cf0f368d16932025a5c

  Sun Sparc architecture:
    http://security.debian.org/dists/potato/updates/main/binary-sparc/dhcp-client_2.0-3potato1_sparc.deb
      MD5 checksum: 464e251bbe127d25e3812d2edca4b3d6
    http://security.debian.org/dists/potato/updates/main/binary-sparc/dhcp-relay_2.0-3potato1_sparc.deb
      MD5 checksum: 5c7a405a8bf604114c9b16ebad69aee1
    http://security.debian.org/dists/potato/updates/main/binary-sparc/dhcp_2.0-3potato1_sparc.deb
      MD5 checksum: 862808cee5fb3c8c025641cffb3f01f7

- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOVok+KjZR/ntlUftAQEntwL+N8eMiJAVXoRA0WO9tKno7i+on9dCe/tw
R3I+yhEiWIg4MbNCkTdhQltNtV4936LrCAF0av38AlepA1Tm8BhxZQyyU6izGIM9
HPIuHQ70BhmRnHOacBUWq4BoBU11gIVp
=v5Q9
-----END PGP SIGNATURE-----