Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SECURITY] [DSA 1388-3] New dhcp packages fix arbitrary code execution

from [Noah Meyerhans] Network Security [Permanent Link]
Subject: [SECURITY] [DSA 1388-3] New dhcp packages fix arbitrary code execution
Date: Mon, 29 Oct 2007 19:03:32 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1388-3                security@debian.org
http://www.debian.org/security/                         Noah Meyerhans
October 29, 2007                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : dhcp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5365
Debian Bug     : 446354

The patch used to correct the DHCP server buffer overflow in DSA-1388-1
was incomplete and did not adequately resolve the problem.  This update
to the previous advisory makes available updated packages based on a
newer version of the patch.

For the stable distribution (etch), this problem has been fixed in
version 2.0pl5-19.5etch2

Updates to the old stable version (sarge) are pending.

We recommend that you upgrade your dhcp packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.dsc
    Size/MD5 checksum:      683 0b58f9e8eb121cf97c069580fe7f8d2a
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.diff.gz
    Size/MD5 checksum:   109536 e05751df16af9fef3826de1b13b19694
  http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
    Size/MD5 checksum:   294909 ab22f363a7aff924e2cc9d1019a21498

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_alpha.deb
    Size/MD5 checksum:   115986 5a3fad1441184f67ebfd259e225b8deb
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_alpha.deb
    Size/MD5 checksum:   122958 70cf5573cdb9df0ade56fd58963526f7
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_alpha.deb
    Size/MD5 checksum:    81466 59a2774d3cbf426c116cda5b37004b02
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_alpha.udeb
    Size/MD5 checksum:    53328 fc6a74bbf4ca3d11266894022967d215

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_amd64.deb
    Size/MD5 checksum:   115646 5fb5be9e0df58591e2f09984b107b6ff
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_amd64.deb
    Size/MD5 checksum:    76622 699bdea9722e30a17d893a5fdfc59b3c
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_amd64.deb
    Size/MD5 checksum:   109336 aca4a6dfbe89e12da8b5f57031c6749a
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_amd64.udeb
    Size/MD5 checksum:    46762 b7ab045411264337a230c0e0547e976c

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_arm.deb
    Size/MD5 checksum:   114446 e706691fe1b1da3e48556f3f3a2759dc
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_arm.udeb
    Size/MD5 checksum:    44804 a7de3008bff776bc41f57939d6baef0c
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_arm.deb
    Size/MD5 checksum:    74574 c357f51c69cacd0c5e7f746735b050ee
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_arm.deb
    Size/MD5 checksum:   107660 c0426fafa16454f4f3613b669be104b3

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_hppa.deb
    Size/MD5 checksum:   115078 77698ad1416708c1bba42286717a6a38
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_hppa.deb
    Size/MD5 checksum:   109288 ba099d48d08c7b63f17c901505069a93
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_hppa.deb
    Size/MD5 checksum:    77218 631787f11690111a20ca8e06da223955
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_hppa.udeb
    Size/MD5 checksum:    46534 e4563d516472ae7b00640c4faf63a69b

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_i386.udeb
    Size/MD5 checksum:    40922 439ee79ca28a824a3bd702e6d2a4782a
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_i386.deb
    Size/MD5 checksum:    72582 ad568458d95419eae37cbc05f7df99e0
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_i386.deb
    Size/MD5 checksum:   111342 02946828ab4646c8c9d40abbb9323f10
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_i386.deb
    Size/MD5 checksum:   103662 5309abf9853a42438f3b25557e2ea72a

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_ia64.deb
    Size/MD5 checksum:   135918 1130320929adbd7b5f6bbbdbe7ea8cf4
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_ia64.deb
    Size/MD5 checksum:   142464 88880a0d9631738e8d50d88725405f2a
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_ia64.udeb
    Size/MD5 checksum:    72360 4c6b9e4ed5a2b908818f2bdc047302f1
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_ia64.deb
    Size/MD5 checksum:    92714 6b45e56a178149eb662b3ace829f4d1a

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mips.deb
    Size/MD5 checksum:   112086 f3eefe99badef8981c197191cfa7ad39
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mips.deb
    Size/MD5 checksum:   118180 bc2b4fcd3d3a7df0ece598e4a0c72ea4
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mips.udeb
    Size/MD5 checksum:    49302 0a4a229e0e066b8d9fecc75125385899
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mips.deb
    Size/MD5 checksum:    78638 a588b355c89a2f5bbd893aaf938740c8

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mipsel.deb
    Size/MD5 checksum:   117674 a39185fab632a03793efe3396311f350
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mipsel.udeb
    Size/MD5 checksum:    48770 42c311ba6c2052abdddf6c2e6b7aa16a
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mipsel.deb
    Size/MD5 checksum:   111554 86440305699bfed9cd6cd0721b5c032c
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mipsel.deb
    Size/MD5 checksum:    78272 95b3aff8d41ea810ee4d4b1bb75c9eed

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_powerpc.deb
    Size/MD5 checksum:    74674 f3377454115baffb9450fb0a0bb51d0f
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_powerpc.deb
    Size/MD5 checksum:   105862 4b75aabdc533969677988dbc4bd8e59e
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_powerpc.udeb
    Size/MD5 checksum:    43066 2edba1128225890a6792f2eecee00058
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_powerpc.deb
    Size/MD5 checksum:   112228 a60c4734706546a47127c11765f1d9bf

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_s390.udeb
    Size/MD5 checksum:    53540 8a063f95dd410c93e6b5fe10e091fdc2
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_s390.deb
    Size/MD5 checksum:   121934 d5ae65fdd1254df11d692051753efcc8
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_s390.deb
    Size/MD5 checksum:   116260 29bf7983a2226601124ee0da48072aa2
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_s390.deb
    Size/MD5 checksum:    80346 fe7c1452e141fc20d16653b857d6ec69

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_sparc.deb
    Size/MD5 checksum:    75060 e8e5a86e2e608771e36755b0f443df83
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_sparc.deb
    Size/MD5 checksum:   112946 cd73de6703a63dc321cf788bab64d52d
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_sparc.deb
    Size/MD5 checksum:   106534 c777f24901a5bdb9db29c3a82da401d8
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_sparc.udeb
    Size/MD5 checksum:    43554 516673e6c0d38126058807dbbdf81fe7


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHJiBTYrVLjBFATsMRApGoAKCAiXkFLHovH5+pVAfYcdjGpE9YsQCfSlmf
e6x8XkgVT062h5BVexGeNAs=
=7pQY
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [SECURITY] [DSA 1388-3] New dhcp packages fix arbitrary code execution, Noah Meyerhans <=
Previous by Date:  SAXON version 5.4 SQL Injection Vulnerability, securityresearch
Next by Date:  rPSA-2007-0225-2 firefox thunderbird, rPath Update Announcements
Previous by Thread:  SAXON version 5.4 SQL Injection Vulnerability, securityresearch
Next by Thread:  rPSA-2007-0225-2 firefox thunderbird, rPath Update Announcements
Indexes:  [Date] [Thread] [Top] [All Lists]