Vulnerability Details
ISC DHCP dhclient.c script_write_params() Function Stack Overflow Vulnerability
Vulnerability Summary
The Dynamic Host Configuration Protocol (DHCP) lets devices on an IP network obtain their network configuration, including IP address, subnet mask and broadcast address.
The script_write_params() function in client/dhclient.c of the ISC DHCP client (dhclient) performs no length check when it builds the subnet number from the lease address and subnet mask supplied by the server. A malicious DHCP server that returns an overlong subnet-mask option can therefore trigger a stack overflow, crashing the client or executing arbitrary instructions with root privileges.
Vulnerability Advisory
The vendor has released patches that fix this issue; download links:
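The following is an added example, not code from this record or from ISC: it models the subnet-number step of script_write_params() with a fixed 16-byte address buffer on the stack, and shows the upper bound on the option length that closes the overflow. The struct and field names follow ISC DHCP's struct iaddr; the functions and sample inputs are constructed for illustration.

```c
/* Added example, not ISC's code: models the subnet-number step of
 * script_write_params(). Struct/field names follow ISC's struct iaddr;
 * the functions are constructed for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define IABUF_LEN 16   /* fixed stack buffer, as in ISC's struct iaddr */

struct iaddr { unsigned len; unsigned char iabuf[IABUF_LEN]; };

/* Decoded subnet-mask option: length and bytes come from the server. */
struct option_data { const unsigned char *data; unsigned len; };

/* lease & mask -> *subnet. The pre-fix code tested only `len > 3` and then
 * memcpy()'d len bytes into a local iaddr, so a mask option longer than
 * IABUF_LEN overwrote the stack. The upper bound below is the fix. */
bool subnet_number(const struct iaddr *lease, const struct option_data *mask,
                   struct iaddr *subnet)
{
    struct iaddr netmask;
    if (mask->len <= 3 || mask->len > sizeof netmask.iabuf)
        return false;                 /* hardened: never exceed iabuf */
    if (mask->len != lease->len)
        return false;                 /* mask must match the address size */

    netmask.len = mask->len;
    memcpy(netmask.iabuf, mask->data, netmask.len);
    subnet->len = lease->len;
    for (unsigned i = 0; i < subnet->len; i++)
        subnet->iabuf[i] = lease->iabuf[i] & netmask.iabuf[i];
    return true;
}

int main(void)
{
    /* Constructed inputs: a /24 mask and an oversized 20-byte option. */
    struct iaddr lease = { 4, { 192, 168, 1, 77 } }, subnet;
    unsigned char m24[4] = { 255, 255, 255, 0 }, big[20];
    memset(big, 0xff, sizeof big);
    struct option_data good = { m24, 4 }, bad = { big, 20 };

    if (subnet_number(&lease, &good, &subnet))
        printf("subnet %u.%u.%u.%u\n", subnet.iabuf[0], subnet.iabuf[1],
               subnet.iabuf[2], subnet.iabuf[3]);
    printf("oversized mask rejected: %s\n",
           subnet_number(&lease, &bad, &subnet) ? "no" : "yes");
    return 0;
}
```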
ISC DHCP Client 3.0
ISC dhcp-4.1.0p1.tar.gz
http://ftp.isc.org/isc/dhcp/dhcp-4.1.0p1.tar.gz
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu dhcp3-client-udeb_3.1.1-1ubuntu2.1_powerpc.udeb
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.1-1ubuntu2.1_powerpc.udeb
Ubuntu dhcp3-client_3.1.1-1ubuntu2.1_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.1-1ubuntu2.1_powerpc.deb
Ubuntu dhcp3-common_3.1.1-1ubuntu2.1_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.1-1ubuntu2.1_powerpc.deb
Ubuntu dhcp3-dev_3.1.1-1ubuntu2.1_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.1-1ubuntu2.1_powerpc.deb
Ubuntu dhcp3-relay_3.1.1-1ubuntu2.1_powerpc.deb
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.1-1ubuntu2.1_powerpc.deb
Ubuntu dhcp3-server-ldap_3.1.1-1ubuntu2.1_powerpc.deb
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.1-1ubuntu2.1_powerpc.deb
Ubuntu dhcp3-server_3.1.1-1ubuntu2.1_powerpc.deb
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.1-1ubuntu2.1_powerpc.deb
Slackware Linux 12.2
Slackware dhcp-3.1.2p1-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/dhcp-3.1.2p1-i486-1_slack12.2.tgz
Debian Linux 5.0 alpha
Debian dhcp-client_3.1.1-6+lenny2_all.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp-client_3.1.1-6+lenny2_all.deb
Debian dhcp-client_3.1.1-6+lenny3_all.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp-client_3.1.1-6+lenny3_all.deb
Debian dhcp3-client-udeb_3.1.1-6+lenny2_alpha.udeb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_alpha.udeb
Debian dhcp3-client-udeb_3.1.1-6+lenny3_alpha.udeb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_alpha.udeb
Debian dhcp3-client_3.1.1-6+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_alpha.deb
Debian dhcp3-client_3.1.1-6+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_alpha.deb
Debian dhcp3-common_3.1.1-6+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_alpha.deb
Debian dhcp3-common_3.1.1-6+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_alpha.deb
Debian dhcp3-dev_3.1.1-6+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_alpha.deb
Debian dhcp3-dev_3.1.1-6+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_alpha.deb
Debian dhcp3-relay_3.1.1-6+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_alpha.deb
Debian dhcp3-relay_3.1.1-6+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_alpha.deb
Debian dhcp3-server-ldap_3.1.1-6+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_alpha.deb
Debian dhcp3-server-ldap_3.1.1-6+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_alpha.deb
Debian dhcp3-server_3.1.1-6+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_alpha.deb
Debian dhcp3-server_3.1.1-6+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_alpha.deb
MandrakeSoft Linux Mandrake 2008.0
Mandriva dhcp-client-3.0.7-0.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva dhcp-common-3.0.7-0.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva dhcp-devel-3.0.7-0.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva dhcp-doc-3.0.7-0.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva dhcp-relay-3.0.7-0.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
Mandriva dhcp-server-3.0.7-0.1mdv2008.0.i586.
References
Source: US-CERT
Name: VU#410676
Link: http://www.kb.cert.org/vuls/id/410676
Source: www.isc.org
Link: https://www.isc.org/node/468
Source: FEDORA
Name: FEDORA-2009-8344
Link: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html
Source: www.isc.org
Link: https://www.isc.org/downloadables/12
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=507717
Source: VUPEN
Name: ADV-2009-1891
Link: http://www.vupen.com/english/advisories/2009/1891
Source: UBUNTU
Name: USN-803-1
Link: http://www.ubuntu.com/usn/usn-803-1
Source: SECTRACK
Name: 1022548
Link: http://www.securitytracker.com/id?1022548
Source: BID
Name: 35668
Link: http://www.securityfocus.com/bid/35668
Source: REDHAT
Name: RHSA-2009:1154
Link: http://www.redhat.com/support/errata/RHSA-2009-1154.html
Source: REDHAT
Name: RHSA-2009:1136
Link: http://www.redhat.com/support/errata/RHSA-2009-1136.html
Source: OSVDB
Name: 55819
Link: http://www.osvdb.org/55819
Source: MANDRIVA
Name: MDVSA-2009:151
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:151
Source: DEBIAN
Name: DSA-1833
Link: http://www.debian.org/security/2009/dsa-1833
Source: SLACKWARE
Name: SSA:2009-195-01
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471
Source: GENTOO
Name: GLSA-200907-12
Link: http://security.gentoo.org/glsa/glsa-200907-12.xml
Source: SECUNIA
Name: 36457
Link: http://secunia.com/advisories/36457
Source: SECUNIA
Name: 35880
Link: http://secunia.com/advisories/35880
Source: SECUNIA
Name: 35851
Link: http://secunia.com/advisories/35851
Source: SECUNIA
Name: 35850
Link: http://secunia.com/advisories/35850
Source: SECUNIA
Name: 35849
Link: http://secunia.com/advisories/35849
Source: SECUNIA
Name: 35841
Link: http://secunia.com/advisories/35841
Source: SECUNIA
Name: 35832
Link: http://secunia.com/advisories/35832
Source: SECUNIA
Name: 35831
Link: http://secunia.com/advisories/35831
Source: SECUNIA
Name: 35830
Link: http://secunia.com/advisories/35830
Source: SECUNIA
Name: 35829
Link: http://secunia.com/advisories/35829
Source: SECUNIA
Name: 35785
Link: http://secunia.com/advisories/35785
Source: SUSE
Name: SUSE-SA:2009:037
Link: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html
Source: NETBSD
Name: NetBSD-SA2009-010
Link: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc
Affected Entities
- Isc Dhcp:2.0
- Isc Dhcp:3.0
- Isc Dhcp:3.1
- Isc Dhcp:4.0
- Isc Dhcp:4.1.0
Patch
None available