Executive Summary

Summary
Title dhcp vulnerability
Informations
Name USN-531-2 First vendor Publication 2007-10-23
Vendor Ubuntu Last vendor Modification 2007-10-23
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
dhcp 2.0pl5-19.4ubuntu0.2

Ubuntu 6.10:
dhcp 2.0pl5-19.4ubuntu1.2

Ubuntu 7.04:
dhcp 2.0pl5-19.5ubuntu2.2

Ubuntu 7.10:
dhcp 2.0pl5dfsg1-20ubuntu1.2

In general, a standard system upgrade is sufficient to affect the necessary changes.

Details follow:

USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem.

Original advisory details:

Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not
correctly handle certain client options. A remote attacker could send
malicious DHCP replies to the server and execute arbitrary code.

Original Source

Url : http://www.ubuntu.com/usn/USN-531-2

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17047
 
Oval ID: oval:org.mitre.oval:def:17047
Title: USN-531-2 -- dhcp vulnerability
Description: USN-531-1 fixed vulnerabilities in dhcp.
Family: unix Class: patch
Reference(s): USN-531-2
CVE-2007-5365
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17549
 
Oval ID: oval:org.mitre.oval:def:17549
Title: USN-531-1 -- dhcp vulnerability
Description: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options.
Family: unix Class: patch
Reference(s): USN-531-1
CVE-2007-5365
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18537
 
Oval ID: oval:org.mitre.oval:def:18537
Title: DSA-1388-3 dhcp - buffer overflow
Description: The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available.
Family: unix Class: patch
Reference(s): DSA-1388-3
CVE-2007-5365
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20239
 
Oval ID: oval:org.mitre.oval:def:20239
Title: DSA-1388-1 dhcp
Description: The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available.
Family: unix Class: patch
Reference(s): DSA-1388-1
CVE-2007-5365
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5817
 
Oval ID: oval:org.mitre.oval:def:5817
Title: Security Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP Service
Description: Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5365
 Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2
Os 3
Os 2
Os 1
Os 204
Os 6
Os 4

ExploitDB Exploits

id Description
2007-11-02 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit

OpenVAS Exploits

Date Description
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-10-13 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109077-21
File : nvt/gb_solaris_109077_21.nasl
2009-06-03 Name : Solaris Update for dhcp server and admin 109078-21
File : nvt/gb_solaris_109078_21.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-18
File : nvt/gb_solaris_112837_18.nasl
2009-06-03 Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-17
File : nvt/gb_solaris_114265_17.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138876-01
File : nvt/gb_solaris_138876_01.nasl
2009-06-03 Name : Solaris Update for usr/lib/inet/in.dhcpd 138877-01
File : nvt/gb_solaris_138877_01.nasl
2009-03-23 Name : Ubuntu Update for dhcp vulnerability USN-531-1
File : nvt/gb_ubuntu_USN_531_1.nasl
2009-03-23 Name : Ubuntu Update for dhcp vulnerability USN-531-2
File : nvt/gb_ubuntu_USN_531_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1388-1 (dhcp)
File : nvt/deb_1388_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
41687 Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove...

Snort® IPS/IDS

Date Description
2017-08-29 Sun Solaris dhcpd malformed bootp denial of service attempt
RuleID : 43752 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-531-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-531-2.nasl - Type : ACT_GATHER_INFO
2007-10-25 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0970.nasl - Type : ACT_GATHER_INFO
2007-10-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1388.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109077-21
File : solaris8_109077.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 12:04:42
  • Multiple Updates
2013-05-11 12:26:03
  • Multiple Updates