[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:312 -- Mandriva dhcp

ID: oval:org.secpod.oval:def:300997Date: (C)2012-01-07   (M)2017-10-04
Class: PATCHFamily: unix




A vulnerability has been found and corrected in ISC DHCP: Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients . Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option . ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding . Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.

Platform:
Mandriva Linux 2008.0
Product:
dhcp
Reference:
MDVSA-2009:312
CVE-2009-1892
CVE-2009-0692
CVE-2007-0062
CVE    3
CVE-2007-0062
CVE-2009-1892
CVE-2009-0692
CPE    1
cpe:/o:mandriva:linux:2008.0

© 2013 SecPod Technologies