ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerabilities
SuSE reportedly ships with vulnerable packages. An advisory and fixes are forthcoming.
BSD/OS is prone to this issue. The vulnerability is addressed by the M431-001 and M500-004 patches for the 4.3.1 and 5.0 versions of BSD/OS. Users should contact the vendor for further information about obtaining and applying fixes.
OpenPKG has released an advisory containing updated dhcpd packages that address this issue. OpenPKG CURRENT is addressed by the dhcpd-3.0.1rc11-20030116 package, OpenPKG 1.1 by the dhcpd-3.0.1rc9-1.1.1 package, and OpenPKG 1.0 by the dhcpd-3.0.1rc4-1.0.1 package.
Gentoo Linux has released an advisory. Users who have installed net-misc/dhcp are advised to upgrade their systems to dhcp-3.0_p2 by issuing the following commands:
emerge -u dhcp
Debian has made fixes available. See referenced advisory DSA 231-1 for additional details.
SuSE has released an advisory. Information about obtaining and applying fixes for SuSE Linux is available in the referenced advisory.
The FreeBSD ports collection contains the vulnerable software. Users are advised to update the port to version 3.0.1.r11 if it has been installed.
The following fixes are available:
ISC DHCPD 3.0 pl1
ISC DHCPD 3.0 rc12
ISC DHCPD 3.0 b2pl23
ISC DHCPD 3.0 b2pl9
ISC DHCPD 3.0 rc4
ISC DHCPD 3.0
ISC DHCPD 3.0.1 rc3
ISC DHCPD 3.0.1 rc4
ISC DHCPD 3.0.1 rc5
ISC DHCPD 3.0.1 rc7
ISC DHCPD 3.0.1 rc2
ISC DHCPD 3.0.1 rc1
ISC DHCPD 3.0.1 rc8
ISC DHCPD 3.0.1 rc6
ISC DHCPD 3.0.1 rc9
ISC DHCPD 3.0.1 rc10