Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: debian dhcpd, old format string bug

from [Tarragon Allen] Network Security [Permanent Link]
Subject: Re: debian dhcpd, old format string bug
Date: Thu, 28 Oct 2004 10:31:38 +1000 
On Tuesday 26 October 2004 10:37, infamous41md@hotpop.com wrote:

Subject:

Debian dhcpd package.

http://packages.debian.org/stable/net/dhcp

It is vulnerable to the '02 format string bug.

http://www.cert.org/advisories/CA-2002-12.html


Firstly, good etiquette would have been for you to actually report the bug 
with Debian. I don't see any bugs raised against any of the appropriate 
packages regarding this.

Secondly, the advisory you refer to is only mentioning DHCP 3.0+. The Debian 
package you referred to is 2.0pl5. Perhaps you are referring to:

http://packages.debian.org/stable/net/dhcp3-server

Which is presently at 3.0.1rc9. The CERT advisory refers to 3.01 to 3.01r8 
inclusive.

Are you saying the CERT advisory applies to other versions of DHCP?

t
-- 
http://moto-coda.org/public.gpg.key
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New URL spoofing bug in Microsoft Internet Explorer, 0-1-2-3
Next by Date:  Re: Mozilla Firefox (tested on 0.9.3) html-code crash., Crispin Cowan
Previous by Thread:  debian dhcpd, old format string bug, infamous41md
Next by Thread:  Re: debian dhcpd, old format string bug, infamous41md
Indexes:  [Date] [Thread] [Top] [All Lists]