Executive Summary

Summary
Title dhcp security update
Informations
Name RHSA-2007:0970 First vendor Publication 2007-10-23
Vendor RedHat Last vendor Modification 2007-10-23
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated dhcp package that corrects a security flaw is now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386

3. Problem description:

The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows devices to get their own network configuration information from a server.

A bug was found in the way dhcpd validates certain DHCP protocol options. A malicious DHCP client could send a carefully crafted DHCP request and cause dhcpd to crash or possibly execute arbitrary code. (CVE-2007-5365)

All users of dhcp should upgrade to this updated package, which contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

327781 - CVE-2007-5365 dhcpd stack-based buffer overlow

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2007-0970.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17047
 
Oval ID: oval:org.mitre.oval:def:17047
Title: USN-531-2 -- dhcp vulnerability
Description: USN-531-1 fixed vulnerabilities in dhcp.
Family: unix Class: patch
Reference(s): USN-531-2
CVE-2007-5365
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17549
 
Oval ID: oval:org.mitre.oval:def:17549
Title: USN-531-1 -- dhcp vulnerability
Description: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options.
Family: unix Class: patch
Reference(s): USN-531-1
CVE-2007-5365
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18537
 
Oval ID: oval:org.mitre.oval:def:18537
Title: DSA-1388-3 dhcp - buffer overflow
Description: The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available.
Family: unix Class: patch
Reference(s): DSA-1388-3
CVE-2007-5365
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20239
 
Oval ID: oval:org.mitre.oval:def:20239
Title: DSA-1388-1 dhcp
Description: The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available.
Family: unix Class: patch
Reference(s): DSA-1388-1
CVE-2007-5365
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5817
 
Oval ID: oval:org.mitre.oval:def:5817
Title: Security Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP Service
Description: Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5365
 Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2
Os 3
Os 2
Os 1
Os 204
Os 6
Os 4

ExploitDB Exploits

id Description
2007-11-02 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit

OpenVAS Exploits

Date Description
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109077-21
File : nvt/gb_solaris_109077_21.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109078-21
File : nvt/gb_solaris_109078_21.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18
File : nvt/gb_solaris_112837_18.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-17
File : nvt/gb_solaris_114265_17.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01
File : nvt/gb_solaris_138876_01.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138877-01
File : nvt/gb_solaris_138877_01.nasl
2009-03-23 Name : Ubuntu Update for dhcp vulnerability USN-531-1
File : nvt/gb_ubuntu_USN_531_1.nasl
2009-03-23 Name : Ubuntu Update for dhcp vulnerability USN-531-2
File : nvt/gb_ubuntu_USN_531_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1388-1 (dhcp)
File : nvt/deb_1388_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
41687 Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove...

Snort® IPS/IDS

Date Description
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-531-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-531-2.nasl - Type : ACT_GATHER_INFO
2007-10-25 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0970.nasl - Type : ACT_GATHER_INFO
2007-10-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1388.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109077-21
File : solaris8_109077.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:51:07
  • Multiple Updates