Vulnerability Bulletins

int(1126)

Vulnerability Bulletins

Bug de formato en dhcp
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio estandar
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	dhcp 2.x
Description
Se ha descubierto un bug de formato en las versiones 2.x de dhcp. La vulnerabilidad reside en las funciones de log. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante el uso de un servidor DNS especialmente diseñado.
Solution
Actualización de software Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.dsc http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.diff.gz http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_alpha.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_alpha.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_alpha.deb ARM http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_arm.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_arm.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_i386.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_i386.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_ia64.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_ia64.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_ia64.deb HP Precision ttp://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_hppa.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_hppa.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_m68k.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_m68k.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_mips.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_mips.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_mipsel.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_mipsel.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_powerpc.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_powerpc.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_s390.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_s390.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_sparc.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_sparc.deb http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_sparc.deb Red Hat Linux Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/
Standar resources
Property	Value
CVE	CAN-2004-1006
BID
Other resources
Debian Security Advisory DSA 584-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00193.html Red Hat Security Advisory RHSA-2005:212-06 https://rhn.redhat.com/errata/RHSA-2005-212.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-11-05
1.1	Aviso emitido por Red Hat (RHSA-2005:212-06)	2005-04-15

Vulnerability Bulletins

Bug de formato en dhcp

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history