Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:312 | First vendor Publication | 2009-12-03 |
Vendor | Mandriva | Last vendor Modification | 2009-12-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been found and corrected in ISC DHCP: Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients (CVE-2007-0062). Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option (CVE-2009-0692). ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:312 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10758 | |||
Oval ID: | oval:org.mitre.oval:def:10758 | ||
Title: | Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. | ||
Description: | Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0692 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12418 | |||
Oval ID: | oval:org.mitre.oval:def:12418 | ||
Title: | USN-803-2 -- dhcp3 vulnerability | ||
Description: | USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. Original advisory details: It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the "dhcp" user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-803-2 CVE-2009-0692 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | dhcp3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12854 | |||
Oval ID: | oval:org.mitre.oval:def:12854 | ||
Title: | DSA-1833-1 dhcp3 -- several | ||
Description: | Several remote vulnerabilities have been discovered in ISC's DHCP implementation: It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution. Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". This vulnerability only affects the lenny versions of dhcp3-server and dhcp3-server-ldap. For the old stable distribution, these problems have been fixed in version 3.0.4-13+etch2. For the stable distribution, this problem has been fixed in version 3.1.1-6+lenny2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your dhcp3 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1833-1 CVE-2009-0692 CVE-2009-1892 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | dhcp3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13715 | |||
Oval ID: | oval:org.mitre.oval:def:13715 | ||
Title: | DSA-1833-2 dhcp3 -- several | ||
Description: | The previous dhcp3 update did not properly apply the required changes to the stable version. The old stable version is not affected by this problem. The original advisory description follows. Several remote vulnerabilities have been discovered in ISC's DHCP implementation: It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution. Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". This vulnerability only affects the lenny versions of dhcp3-server and dhcp3-server-ldap. For the stable distribution, this problem has been fixed in version 3.1.1-6+lenny3. We recommend that you upgrade your dhcp3 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1833-2 CVE-2009-0692 CVE-2009-1892 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | dhcp3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5941 | |||
Oval ID: | oval:org.mitre.oval:def:5941 | ||
Title: | DHCP dhclient Stack Overflow in script_write_params() Lets Remote Users Execute Arbitrary Code | ||
Description: | Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0692 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8056 | |||
Oval ID: | oval:org.mitre.oval:def:8056 | ||
Title: | DSA-1833 dhcp3 -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in ISC's DHCP implementation: It was discovered that dhclient does not properly handle overlong subnet mask options, leading to a stack-based buffer overflow and possible arbitrary code execution. Christoph Biedl discovered that the DHCP server may terminate when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". This vulnerability only affects the lenny versions of dhcp3-server and dhcp3-server-ldap. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1833 CVE-2009-0692 CVE-2009-1892 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | dhcp3 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-11-10 | ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability |
2009-07-27 | ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for dhclient CESA-2009:1154 centos3 i386 File : nvt/gb_CESA-2009_1154_dhclient_centos3_i386.nasl |
2010-06-25 | Name : Fedora Update for dhcp FEDORA-2010-10083 File : nvt/gb_fedora_2010_10083_dhcp_fc11.nasl |
2010-01-29 | Name : Ubuntu Update for dhcp3 vulnerability USN-803-2 File : nvt/gb_ubuntu_USN_803_2.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:312 (dhcp) File : nvt/mdksa_2009_312.nasl |
2009-11-17 | Name : Fedora Core 11 FEDORA-2009-9075 (dhcp) File : nvt/fcore_2009_9075.nasl |
2009-10-13 | Name : SLES10: Security update for dhclient File : nvt/sles10_dhcp.nasl |
2009-10-13 | Name : SLES10: Security update for DHCP File : nvt/sles10_dhcp0.nasl |
2009-10-11 | Name : SLES11: Security update for dhcp-client File : nvt/sles11_dhcp-client.nasl |
2009-10-10 | Name : SLES9: Security update for dhcp-client File : nvt/sles9p5053652.nasl |
2009-10-10 | Name : SLES9: Security update for DHCP File : nvt/sles9p5043200.nasl |
2009-09-02 | Name : Gentoo Security Advisory GLSA 200908-08 (dhcp) File : nvt/glsa_200908_08.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1833-2 (dhcp3) File : nvt/deb_1833_2.nasl |
2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8344 (dhcp) File : nvt/fcore_2009_8344.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:172 (dhcp) File : nvt/mdksa_2009_172.nasl |
2009-07-29 | Name : SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client) File : nvt/suse_sa_2009_037.nasl |
2009-07-29 | Name : Ubuntu USN-803-1 (dhcp3) File : nvt/ubuntu_803_1.nasl |
2009-07-29 | Name : CentOS Security Advisory CESA-2009:1154 (dhcp) File : nvt/ovcesa2009_1154.nasl |
2009-07-29 | Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:151 (dhcp) File : nvt/mdksa_2009_151.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:154 (dhcp) File : nvt/mdksa_2009_154.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:153 (dhcp) File : nvt/mdksa_2009_153.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1136 File : nvt/RHSA_2009_1136.nasl |
2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-12 (dhcp) File : nvt/glsa_200907_12.nasl |
2009-07-29 | Name : FreeBSD Ports: isc-dhcp31-client File : nvt/freebsd_isc-dhcp31-client.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1833-1 (dhcp3) File : nvt/deb_1833_1.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1154 File : nvt/RHSA_2009_1154.nasl |
2009-07-23 | Name : ISC DHCP Client Buffer Overflow Vulnerability File : nvt/secpod_isc_dhcp_client_bof_vuln.nasl |
2009-03-23 | Name : Ubuntu Update for linux-restricted-modules-2.6.17/20, vmware-player-kernel-2... File : nvt/gb_ubuntu_USN_543_1.nasl |
2009-03-02 | Name : SuSE Security Summary SUSE-SR:2009:005 File : nvt/suse_sr_2009_005.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-05 (dhcp) File : nvt/glsa_200808_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-23 (vmware-workstation vmware-player) File : nvt/glsa_200711_23.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-195-01 dhcp File : nvt/esoft_slk_ssa_2009_195_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56422 | ISC DHCP dhcpd Unspecified Request Remote DoS |
55819 | ISC DHCP client/dhclient.c script_write_params() Function Remote Overflow |
40094 | VMware Multiple Products DHCP Server Packet Handling Multiple Remote Overflows |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-22 | IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0021867 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Operating Systems invalid DHCP option attempt RuleID : 7196 - Revision : 13 - Type : OS-OTHER |
2014-01-10 | dhclient subnet mask option buffer overflow attempt RuleID : 15700 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1154.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1136.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090714_dhcp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1833.nasl - Type : ACT_GATHER_INFO |
2010-01-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-803-2.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-312.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9075.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_dhcp-6336.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12447.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12347.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_dhcp-client-090626.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-5975.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-6335.nasl - Type : ACT_GATHER_INFO |
2009-08-26 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8344.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200908-08.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2007-0006.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_dhcp-090126.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_dhcp-090626.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_dhcp-090626.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-154.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-153.nasl - Type : ACT_GATHER_INFO |
2009-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1154.nasl - Type : ACT_GATHER_INFO |
2009-07-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-151.nasl - Type : ACT_GATHER_INFO |
2009-07-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c444c8b7716911de9ab7000c29a67389.nasl - Type : ACT_GATHER_INFO |
2009-07-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-195-01.nasl - Type : ACT_GATHER_INFO |
2009-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1154.nasl - Type : ACT_GATHER_INFO |
2009-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1136.nasl - Type : ACT_GATHER_INFO |
2009-07-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-803-1.nasl - Type : ACT_GATHER_INFO |
2009-07-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-12.nasl - Type : ACT_GATHER_INFO |
2009-02-19 | Name : The remote openSUSE host is missing a security update. File : suse_dhcp-5958.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-05.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-23.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-543-1.nasl - Type : ACT_GATHER_INFO |
2007-10-04 | Name : The remote Windows host has an application that is affected by multiple issues. File : vmware_ws_server_multiple.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:01 |
|