A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
Summary:
An attacker's DHCP server could send crafted responses to your computer and
cause it to run programs as root.
Software Description:
- dhcp3: DHCP Client
Details:
USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix
the vulnerability was not properly applied on Ubuntu 9.10 and higher. This
update fixes the problem.
Original advisory details:
Sebastian Krahmer discovered that the dhclient utility incorrectly filtered
crafted responses. An attacker could use this flaw with a malicious DHCP
server to execute arbitrary code, resulting in root privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
dhcp3-client 3.1.3-2ubuntu6.2
Ubuntu 10.04 LTS:
dhcp3-client 3.1.3-2ubuntu3.2
Ubuntu 9.10:
dhcp3-client 3.1.2-1ubuntu7.3
In general, a standard system update will make all the necessary changes.
==
Ubuntu Security Notice USN-1108-2
April 19, 2011
dhcp3 vulnerability
========================================================================
==
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
Summary:
An attacker's DHCP server could send crafted responses to your computer and
cause it to run programs as root.
Software Description:
- dhcp3: DHCP Client
Details:
USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix
the vulnerability was not properly applied on Ubuntu 9.10 and higher. This
update fixes the problem.
Original advisory details:
Sebastian Krahmer discovered that the dhclient utility incorrectly filtered
crafted responses. An attacker could use this flaw with a malicious DHCP
server to execute arbitrary code, resulting in root privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
dhcp3-client 3.1.3-2ubuntu6.2
Ubuntu 10.04 LTS:
dhcp3-client 3.1.3-2ubuntu3.2
Ubuntu 9.10:
dhcp3-client 3.1.2-1ubuntu7.3
In general, a standard system update will make all the necessary changes.
References:
CVE-2011-0997
Package Information:
https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu6.2
https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu3.2
https://launchpad.net/ubuntu/+source/dhcp3/3.1.2-1ubuntu7.3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJNrdknAAoJEGVp2FWnRL6T3jcP/ix5xD5PyBjVeyQJyVWOcYFH
xUC2GFg97TUVciB3wN2kAkhYmEbM1Nen2jb8wZJcyHHt3qudls8pqZgmLZi+7WWe
jVrLwWiZRqoYPCYEMIZeJD4laOUB6+YALE4c0T2iDoMcYTnRABUPHP2HY2b/FH8H
hRRFeqIi+h6cDa3c9YwAaA623v2VhnJqafjWHginvyGy6A6mCdBactIqrJqSfbFk
cICeC9UJWiiGs1PGZkfhSWXQ/4HMl8rmidmBTL/Vk0Ki51e+J2QAam2UP7dbLd9I
ZD+USKJB5UJMlzbc55QKj3YbwXSX+Dkr2gvTsOBebbsQeTcJBeeqleOwkkwj8TxV
v0gQRwCbX8Nvwt4SvyQfbwyBQ1QzNoWk2BRL1LxSkw6F1/FrhGwycetz+g2Wlfhh
NLiYA55Q8fS/gAnNAKSw22M+Vc47+Wt0F+7CQXNaQr9os6vvi6JonvlGT5WtS3wr
fRcG8gYNUS1TLNqr6wP+UwKRZO+zH1n5VhRmLzp1FS9t5XrfuKek9LvTLjk2JF/A
OP+735u/ixJxX+NCNXZBlWBgdjVyGzrXHrnsyPcCpC+Jw/0M+9b5OY/+JpglANi5
Qgr1eClnlSu0fGFSJz4nHMvk9IhTD3ka87dJQZIzg+aFXWMW1JjWZcKDavCAsfPG
rVvJQ7E3PAk3wsj3DJHw
=ykZ2
-----END PGP SIGNATURE-----
[ reply ]