[SECURITY-Debian] New version of dhcp released



Vulnerability Type: Remote Root Exploit <--- ;/
FYI -- ravi

>>>>> "WA" == Wichert Akkerman <wichert@xxxxxxxxxx> writes:

    WA> -----BEGIN PGP SIGNED MESSAGE-----
    WA> ------------------------------------------------------------------------
    WA> Debian Security Advisory                        security@xxxxxxxxxx
    WA> http://www.debian.org/security/                 Michael Stone
    WA> June 27, 2000
    WA> ------------------------------------------------------------------------

    WA> Package: dhcp-client-beta (dhcp-client)
    WA> Vulnerability type: remote root exploit
    WA> Debian-specific: no

    WA> The versions of the ISC DHCP client in debian 2.1 (slink) and
    WA> debian 2.2 (potato) are vulnerable to a root exploit. The
    WA> OpenBSD team reports that the client inappropriately executes
    WA> commands embedded in replies sent from a dhcp server. This
    WA> means that a malicious dhcp server can execute commands on the
    WA> client with root privileges.

    WA> The reported vulnerability is fixed in the package
    WA> dhcp-client-beta 2.0b1pl6-0.3 for the current stable release
    WA> (debian 2.1) and in dhcp-client 2.0-3potato1 for the frozen
    WA> pre-release (debian 2.2). The dhcp server and relay agents are
    WA> built from the same source as the client; however, the server
    WA> and relay agents are not vulnerable to this issue and do not
    WA> need to be upgraded.  We recommend upgrading your
    WA> dhcp-client-beta and dhcp-client immediately.


    WA> wget url will fetch the file for you
    WA> dpkg -i file.deb will install the referenced file.


    WA> Debian GNU/Linux 2.1 alias slink
    WA> --------------------------------

    WA>   This version of Debian was released only for Intel ia32, the
    WA> Motorola 680x0, the alpha and the Sun sparc architecture.

    WA>   Source archives:
    WA> http://security.debian.org/dists/stable/updates/source/dhcp-beta_2.0b1pl6-0.3.diff.gz
    WA> MD5 checksum: 90e5a3d2e299aad278b10186b02c1d7b
    WA> http://security.debian.org/dists/stable/updates/source/dhcp-beta_2.0b1pl6-0.3.dsc
    WA> MD5 checksum: 9d15d1043a092b103fdbac2827470d5b
    WA> http://security.debian.org/dists/stable/updates/source/dhcp-beta_2.0b1pl6.orig.tar.gz
    WA> MD5 checksum: 2b63a90b272f087afb24c8f4ca72d3bd

[...]

    WA>   Intel ia32 architecture:
    WA> http://security.debian.org/dists/stable/updates/binary-i386/dhcp-beta_2.0b1pl6-0.3_i386.deb
    WA> MD5 checksum: e499e80e9906c7e412df40a75a16ece4
    WA> http://security.debian.org/dists/stable/updates/binary-i386/dhcp-client-beta_2.0b1pl6-0.3_i386.deb
    WA> MD5 checksum: c139d79a9f4a19e12c36108897b8335c
    WA> http://security.debian.org/dists/stable/updates/binary-i386/dhcp-relay-beta_2.0b1pl6-0.3_i386.deb
    WA> MD5 checksum: 0040eba75e437b961070218e7c8c2949

[...]

    WA> Debian GNU/Linux 2.2 alias potato
    WA> ---------------------------------

    WA>   Please note that potato has not been released yet. However
    WA> since it is in the final stages of the release process
    WA> security updates are already being distributed.

    WA>   Source archives:
    WA> http://security.debian.org/dists/potato/updates/main/source/dhcp_2.0-3potato1.diff.gz
    WA> MD5 checksum: 40d365a28b6278cdeea7208ca06b1bde
    WA> http://security.debian.org/dists/potato/updates/main/source/dhcp_2.0-3potato1.dsc
    WA> MD5 checksum: 31a4060c49ef699ddfb2d431450a8993
    WA> http://security.debian.org/dists/potato/updates/main/source/dhcp_2.0.orig.tar.gz
    WA> MD5 checksum: eff5d5359a50f878e4c0da082bf10475

[...]

    WA>   Intel ia32 architecture:
    WA> http://security.debian.org/dists/potato/updates/main/binary-i386/dhcp-client_2.0-3potato1_i386.deb
    WA> MD5 checksum: 73c893f4c87c20a48607fda52d34d7da
    WA> http://security.debian.org/dists/potato/updates/main/binary-i386/dhcp-relay_2.0-3potato1_i386.deb
    WA> MD5 checksum: b18ca08c0e0c3ceed171c08c881730c3
    WA> http://security.debian.org/dists/potato/updates/main/binary-i386/dhcp_2.0-3potato1_i386.deb
    WA> MD5 checksum: da3735ce715897893c88cfb7539749bf

[...]

    WA> For apt-get: deb http://security.debian.org/ stable updates
    WA> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
    WA> Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx


    WA> -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv

    WA> iQB1AwUBOVok+KjZR/ntlUftAQEntwL+N8eMiJAVXoRA0WO9tKno7i+on9dCe/tw
    WA> R3I+yhEiWIg4MbNCkTdhQltNtV4936LrCAF0av38AlepA1Tm8BhxZQyyU6izGIM9
    WA> HPIuHQ70BhmRnHOacBUWq4BoBU11gIVp =v5Q9 -----END PGP
    WA> SIGNATURE-----


-- 
Ravikant K.Rao : http://www.symonds.net/~ravi/
Primary Email  : <ravi@xxxxxxxxxxx> | PGP: 9544A4A1   GPG: 1024D/C2FC752D