Message-ID: <489A06A3.4050703@gentoo.org>
Date: Wed, 06 Aug 2008 22:16:35 +0200
From: Tobias Heinlein
To: gentoo-announce@gentoo.org
CC: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, security-alerts@linuxsecurity.com
Subject: [gentoo-announce] [ GLSA 200808-05 ] ISC DHCP: Denial of Service
OpenPGP: id=9CE3CA91

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200808-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ISC DHCP: Denial of Service
      Date: August 06, 2008
      Bugs: #227135
        ID: 200808-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability was discovered in ISC DHCP.

Background
==========

ISC DHCP is ISC's reference implementation of all aspects of the
Dynamic Host Configuration Protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcp       < 3.1.1                              >= 3.1.1

Description
===========

A buffer overflow error was found in the ISC DHCP server that can only
be exploited under unusual server configurations where the DHCP server
is configured to provide clients with a large set of DHCP options.

Impact
======

A remote attacker could exploit this vulnerability to cause a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ISC DHCP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.1"

References
==========

  [ 1 ] CVE-2007-0062
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200808-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
Any security concerns should be addressed to security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5