Executive Summary
Summary | |
---|---|
Title | dhcp security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0970 | First vendor Publication | 2007-10-23 |
Vendor | RedHat | Last vendor Modification | 2007-10-23 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated dhcp package that corrects a security flaw is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 3. Problem description: The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows devices to get their own network configuration information from a server. A bug was found in the way dhcpd validates certain DHCP protocol options. A malicious DHCP client could send a carefully crafted DHCP request and cause dhcpd to crash or possibly execute arbitrary code. (CVE-2007-5365) All users of dhcp should upgrade to this updated package, which contains a backported patch that resolves this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 327781 - CVE-2007-5365 dhcpd stack-based buffer overlow |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0970.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17047 | |||
Oval ID: | oval:org.mitre.oval:def:17047 | ||
Title: | USN-531-2 -- dhcp vulnerability | ||
Description: | USN-531-1 fixed vulnerabilities in dhcp. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-531-2 CVE-2007-5365 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | dhcp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17549 | |||
Oval ID: | oval:org.mitre.oval:def:17549 | ||
Title: | USN-531-1 -- dhcp vulnerability | ||
Description: | Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-531-1 CVE-2007-5365 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | dhcp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18537 | |||
Oval ID: | oval:org.mitre.oval:def:18537 | ||
Title: | DSA-1388-3 dhcp - buffer overflow | ||
Description: | The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1388-3 CVE-2007-5365 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | dhcp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20239 | |||
Oval ID: | oval:org.mitre.oval:def:20239 | ||
Title: | DSA-1388-1 dhcp | ||
Description: | The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1388-1 CVE-2007-5365 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | dhcp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5817 | |||
Oval ID: | oval:org.mitre.oval:def:5817 | ||
Title: | Security Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP Service | ||
Description: | Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5365 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2007-11-02 | Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20 File : nvt/gb_solaris_112837_20.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19 File : nvt/gb_solaris_114265_19.nasl |
2009-06-03 | Name : Solaris Update for dhcp server and admin 109077-21 File : nvt/gb_solaris_109077_21.nasl |
2009-06-03 | Name : Solaris Update for dhcp server and admin 109078-21 File : nvt/gb_solaris_109078_21.nasl |
2009-06-03 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18 File : nvt/gb_solaris_112837_18.nasl |
2009-06-03 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-17 File : nvt/gb_solaris_114265_17.nasl |
2009-06-03 | Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01 File : nvt/gb_solaris_138876_01.nasl |
2009-06-03 | Name : Solaris Update for usr/lib/inet/in.dhcpd 138877-01 File : nvt/gb_solaris_138877_01.nasl |
2009-03-23 | Name : Ubuntu Update for dhcp vulnerability USN-531-1 File : nvt/gb_ubuntu_USN_531_1.nasl |
2009-03-23 | Name : Ubuntu Update for dhcp vulnerability USN-531-2 File : nvt/gb_ubuntu_USN_531_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1388-1 (dhcp) File : nvt/deb_1388_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41687 | Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove... |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-29 | Sun Solaris dhcpd malformed bootp denial of service attempt RuleID : 43752 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-531-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-531-2.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0970.nasl - Type : ACT_GATHER_INFO |
2007-10-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1388.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109077-21 File : solaris8_109077.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:07 |
|