ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerabilities

Solution:
SuSE reportedly ships with vulnerable packages. An advisory and fixes are forthcoming.

BSD/OS is prone to this issue. The vulnerability is addressed by the M431-001 and M500-004 patches for the 4.3.1 and 5.0 versions of BSD/OS. Users should contact the vendor for further information about obtaining and applying fixes.

OpenPKG has released an advisory containing updated dhcpd packages that address this issue. OpenPKG CURRENT is addressed by the dhcpd-3.0.1rc11-20030116 package, OpenPKG 1.1 by the dhcpd-3.0.1rc9-1.1.1 package, and OpenPKG 1.0 by the dhcpd-3.0.1rc4-1.0.1 package.

Gentoo Linux has released an advisory. Users who have installed net-misc/dhcp are advised to upgrade their systems to dhcp-3.0_p2 by issuing the following commands:

emerge sync
emerge -u dhcp
emerge clean

Debian has made fixes available. See referenced advisory DSA 231-1 for additional details.

SuSE has released an advisory. Information about obtaining and applying fixes for SuSE Linux is available in the referenced advisory.

The FreeBSD ports collection contains the vulnerable software. Users are advised to update the port to version 3.0.1.r11 if it has been installed.

The following fixes are available:


ISC DHCPD 3.0 pl1

ISC DHCPD 3.0 rc12

ISC DHCPD 3.0 b2pl23

ISC DHCPD 3.0 b2pl9

ISC DHCPD 3.0 rc4

ISC DHCPD 3.0

ISC DHCPD 3.0.1 rc3

ISC DHCPD 3.0.1 rc4

ISC DHCPD 3.0.1 rc5

ISC DHCPD 3.0.1 rc7

ISC DHCPD 3.0.1 rc2

ISC DHCPD 3.0.1 rc1

ISC DHCPD 3.0.1 rc8

ISC DHCPD 3.0.1 rc6

ISC DHCPD 3.0.1 rc9

ISC DHCPD 3.0.1 rc10


 

Copyright 2010, SecurityFocus