lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87eiqzr7iv.fsf@mid.deneb.enyo.de>
Date: Tue, 25 Aug 2009 21:57:28 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1833-2] New dhcp3 packages fix
	arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1833-2                  security@...ian.org
http://www.debian.org/security/                           Florian Weimer
August 25, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : dhcp3
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-0692 CVE-2009-1892
CERT advisory  : VU#410676

The previous dhcp3 update (DSA-1833-1) did not properly apply the
required changes to the stable (lenny) version.  The old stable (etch)
version is not affected by this problem.

The original advisory description follows.

Several remote vulnerabilities have been discovered in ISC's DHCP
implementation:

It was discovered that dhclient does not properly handle overlong
subnet mask options, leading to a stack-based buffer overflow and
possible arbitrary code execution.  (CVE-2009-0692)

Christoph Biedl discovered that the DHCP server may terminate when
receiving certain well-formed DHCP requests, provided that the server
configuration mixes host definitions using "dhcp-client-identifier"
and "hardware ethernet".  This vulnerability only affects the lenny
versions of dhcp3-server and dhcp3-server-ldap.  (CVE-2009-1892)

For the stable distribution (lenny), this problem has been fixed in
version 3.1.1-6+lenny3.

We recommend that you upgrade your dhcp3 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1.orig.tar.gz
    Size/MD5 checksum:   798228 fcc19330a9c3a0efb5620409214652a9
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1-6+lenny3.dsc
    Size/MD5 checksum:     1488 b884753ce46061cc6e0e6a783d7c24a3
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1-6+lenny3.diff.gz
    Size/MD5 checksum:   128921 178f7799fbe3e8fb5a0472a8060bebf7

Architecture independent packages:

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp-client_3.1.1-6+lenny3_all.deb
    Size/MD5 checksum:    23010 e772483a84fdca84407e39556188a13e

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_alpha.deb
    Size/MD5 checksum:   148302 296381030181bf29e5185823472c34c7
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_alpha.deb
    Size/MD5 checksum:   348542 910f44119d0cbcefdfdb0496b72f75c0
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_alpha.deb
    Size/MD5 checksum:   272004 63e37fc50ae798ad86713ff354f5b996
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_alpha.deb
    Size/MD5 checksum:   394460 a77802ce027f350aed83be710c92fa9f
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_alpha.udeb
    Size/MD5 checksum:   215132 ea9207b439e373b7cda0633600fc2a66
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_alpha.deb
    Size/MD5 checksum:   127514 f1287179244c1684b1a892c187624425
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_alpha.deb
    Size/MD5 checksum:   333782 713d3ad0235144a0537d747a66766b6a

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_amd64.deb
    Size/MD5 checksum:   310356 6fb09a20cce949a6edd1a9a628863a2d
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_amd64.deb
    Size/MD5 checksum:   114266 bb511a3be6b474ba6233a00bd70d52b3
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_amd64.udeb
    Size/MD5 checksum:   188422 f2aaca0e2a93c0b3647d6cebc2dc515e
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_amd64.deb
    Size/MD5 checksum:   358418 15b92a206a5f782b91ef21a1cb89d8c1
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_amd64.deb
    Size/MD5 checksum:   245246 22f8d4e550561f67ac9145e114281d30
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_amd64.deb
    Size/MD5 checksum:   313224 2033f60c749a3e71631a5b153a77ae27
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_amd64.deb
    Size/MD5 checksum:   120442 f86b93961879963e2ea5dc0c5f2d344c

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_arm.deb
    Size/MD5 checksum:   226592 ddba5071d36b331c5a001b67a1b94410
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_arm.deb
    Size/MD5 checksum:   291194 4673741acf27ce06150203ea2cfde77f
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_arm.deb
    Size/MD5 checksum:   103716 cfa5568781f496e02e490ad803b79acc
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_arm.deb
    Size/MD5 checksum:   336408 56415a0df425eace6189f47585a63c01
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_arm.deb
    Size/MD5 checksum:   108910 efb3c5019520090a189212af9b6dcf3d
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_arm.deb
    Size/MD5 checksum:   292858 3d1d50251c7953847178a888e6cd91cf
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_arm.udeb
    Size/MD5 checksum:   170066 18a05aa4dfe765c6cc3f99b31e77ecac

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_armel.deb
    Size/MD5 checksum:   227670 41fc7a60258569b01280b594d6293264
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_armel.deb
    Size/MD5 checksum:   337326 266b173681f5c3ea777ae7710cbee665
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_armel.deb
    Size/MD5 checksum:   109000 d04801f4eb76218ff8d8e791acef63ad
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_armel.deb
    Size/MD5 checksum:   103446 dd8d97b1c2364fd1995861454b1fc4a4
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_armel.udeb
    Size/MD5 checksum:   170862 6d71afbbe92432bd1a97c264cfd63561
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_armel.deb
    Size/MD5 checksum:   293940 13e80b7f3b18b939c59193433f72e7b5
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_armel.deb
    Size/MD5 checksum:   293866 e1aaacdd2982b92f1e08126a8a8f2651

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_hppa.deb
    Size/MD5 checksum:   128540 42870a2ec98979a8c59e23bc6fab70f6
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_hppa.deb
    Size/MD5 checksum:   324744 243543866ed9202ce92e9ddc8341fd22
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_hppa.deb
    Size/MD5 checksum:   252142 d0e2729de7ff5da898457d7ee7d1b006
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_hppa.deb
    Size/MD5 checksum:   315534 1657f330bf1b1aacb9b14b419ad003a5
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_hppa.deb
    Size/MD5 checksum:   369264 20f45be07aa3a831d7ea7a3dfaece2d1
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_hppa.udeb
    Size/MD5 checksum:   194978 aa479a0645490f800b342aff92bef059
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_hppa.deb
    Size/MD5 checksum:   116256 dbb01f0c3302f6e35a30e8e5572bf244

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_i386.deb
    Size/MD5 checksum:   286974 7129977793036958290bbae514dbf1d6
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_i386.deb
    Size/MD5 checksum:   289992 ea449e5b736070fae42f67792eb0e47e
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_i386.deb
    Size/MD5 checksum:   223668 d943808ec256705e0950fe652bb6f9b4
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_i386.deb
    Size/MD5 checksum:   102102 2522fcb18f0a6f4aa2f8bbc07427e237
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_i386.udeb
    Size/MD5 checksum:   167012 e642d66307eff2f9a6ece11291b4a06d
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_i386.deb
    Size/MD5 checksum:   332706 647086523305d950e2aebc1805cf2e92
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_i386.deb
    Size/MD5 checksum:   106618 c0430456e7d746d57fd58a676147950f

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_ia64.deb
    Size/MD5 checksum:   155090 8f8b0bfb1d3e0755c15df15fc920a8af
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_ia64.udeb
    Size/MD5 checksum:   289292 c997f11a86e7df414bacbad0e5e944be
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_ia64.deb
    Size/MD5 checksum:   159892 12cd71f2e058c63a602d74983adb5c39
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_ia64.deb
    Size/MD5 checksum:   464804 ceb110ae2899d450987ca83dfdb38944
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_ia64.deb
    Size/MD5 checksum:   347522 4c9f4bdec5669dc29b46a6e83a4fa5ef
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_ia64.deb
    Size/MD5 checksum:   508092 a1a293a6ddee469e040d7ff364ee791a
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_ia64.deb
    Size/MD5 checksum:   400328 937f8ee9ac9d25af6921222e7b92a108

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_mips.deb
    Size/MD5 checksum:   123936 53d5f37d69d182cbbe312f52550a84b1
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_mips.deb
    Size/MD5 checksum:   114502 dee95947cb21084abf748e8a42960846
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_mips.udeb
    Size/MD5 checksum:   188178 2926264f19c138bdd2c72458606e4c0c
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_mips.deb
    Size/MD5 checksum:   359836 a903759df5a549c6a5e3aa227790fe04
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_mips.deb
    Size/MD5 checksum:   308718 a476ebabd4537f41f1d5a787ea7ff9fa
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_mips.deb
    Size/MD5 checksum:   245276 c95b1fccff2d8ad01b5cbc4981eeac8c
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_mips.deb
    Size/MD5 checksum:   314998 80f09a90d259ce66a342447d98a9a379

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_mipsel.deb
    Size/MD5 checksum:   247700 eda49dcddd8fdfd58b85645c315c5faf
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_mipsel.deb
    Size/MD5 checksum:   310874 a05df96245d09530155f9e81bd63a4fb
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_mipsel.deb
    Size/MD5 checksum:   362206 a57eeaf69fd65711afe6cb5417e5f0df
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_mipsel.deb
    Size/MD5 checksum:   125542 4a1784603dae8acfae95d4f9d0ce8e30
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_mipsel.udeb
    Size/MD5 checksum:   190284 30cff1bafcc1ba24b5b5ab7495798dea
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_mipsel.deb
    Size/MD5 checksum:   116262 f3956046702a31009c21bc4a18279052
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_mipsel.deb
    Size/MD5 checksum:   317264 25bb814dfa93b8114fc6d0a0ddd0cbdf

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_powerpc.deb
    Size/MD5 checksum:   111052 8e0dfe581f4cfb3bcd0e74490cbcffab
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_powerpc.deb
    Size/MD5 checksum:   119514 99c8afb47de64f36a82db6cd21513476
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_powerpc.deb
    Size/MD5 checksum:   241126 e779f852e414e537a35295f238d38356
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_powerpc.deb
    Size/MD5 checksum:   353466 9af62ed705a6ae46b208579dfa481d6a
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_powerpc.udeb
    Size/MD5 checksum:   183816 4438592b9fdf9117b8c037a7047ee5f8
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_powerpc.deb
    Size/MD5 checksum:   310638 3d93a3137afe44b45de6c398bdb701c8
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_powerpc.deb
    Size/MD5 checksum:   304958 b2a44d63cc34124883564f5296ef18e7

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_s390.deb
    Size/MD5 checksum:   117592 db3a8ae34c5e3a836dbf9e72c5067a90
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_s390.deb
    Size/MD5 checksum:   348950 3ecac83017405ee2aa924cfb5905233d
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_s390.udeb
    Size/MD5 checksum:   182078 35859dae5c87aae0fef90f2ab796714e
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_s390.deb
    Size/MD5 checksum:   112450 1243ac51995a6a6492d8b3da08d6fd5a
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_s390.deb
    Size/MD5 checksum:   239428 ea577141dbeff528fa9b431fd712d7e8
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_s390.deb
    Size/MD5 checksum:   303426 546d21f56cfad698fa28856cc2181c19
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_s390.deb
    Size/MD5 checksum:   303700 4e76286fe1a10d48537c4246b35526b9

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_sparc.deb
    Size/MD5 checksum:   283826 c0f5fce1f190aabd11b1851636af3ea3
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_sparc.deb
    Size/MD5 checksum:   324576 13f0ac8544ff2f50b27a44dc1d0e5e95
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_sparc.deb
    Size/MD5 checksum:   279396 6171cb5605c87dddaa215eba5f15e38d
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_sparc.deb
    Size/MD5 checksum:   218466 e3fab612bad763549dd5d4cd94dd6892
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_sparc.deb
    Size/MD5 checksum:   101600 d5d9016bdb0723205e3b0e5463315fda
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_sparc.deb
    Size/MD5 checksum:   109816 85e004868374d6dbc78255efff2fbf7f
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_sparc.udeb
    Size/MD5 checksum:   161378 2b4b855d8e3b8790e34a3de715df9db2


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJKlEMFAAoJEL97/wQC1SS+PfEH/3N4ADHkPs6rVcUVHztxTQVf
bMd1bmy53/aGhJZGkSz/SC2p9P1tHIWw+ZUVRY8Gm1atybGWJzspMGdop3nHkvAW
gDkLWzAdodyBMB4iQS8jaLQTltHVbybiQU/LZoiWxw2A7BYZ8Z0TsBjw7gR24mYx
sneX2nyZx/h6aLHcU3VRDVRp9+dxZzFjMUfRl5OHNWyeoLaefdf3n6HTgEk3Mbby
LpbwXnc1Y0rSn9QSeqYb5HJQNHMy0tNJ47MkZII0Or8LftlPKCR4Nkj+oxFYImzK
Yra3e2bAS7k3lqJngkD6KGg4pDpOCe2k8PT6qDxvy9NAf4a0dm/0mKo4oZWaDZk=
=ZA1X
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ