CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.076 Low
Percentile: 94.2%
CentOS Errata and Security Advisory CESA-2009:1154
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.
The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to receive a
malicious DHCP response, it could crash or execute arbitrary code with the
permissions of the client (root). (CVE-2009-0692)
An insecure temporary file use flaw was discovered in the DHCP daemon’s
init script (“/etc/init.d/dhcpd”). A local attacker could use this flaw to
overwrite an arbitrary file with the output of the “dhcpd -t” command via
a symbolic link attack, if a system administrator executed the DHCP init
script with the “configtest”, “restart”, or “reload” option.
(CVE-2009-1893)
Users of DHCP should upgrade to these updated packages, which contain
backported patches to correct these issues.
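
The symbolic link flaw described above for CVE-2009-1893, reproduced inside a private sandbox directory as an added example (not code from the advisory or from the actual init script). `config_check` stands in for `dhcpd -t` and the file names are assumptions; the `mktemp` variant is a common hardening for this flaw class, not necessarily what the backported patch does.

```shell
#!/bin/sh
# Constructed demo, confined to a throwaway sandbox directory.
# "config_check" is a stand-in for "dhcpd -t"; all paths are hypothetical.
config_check() { echo "config check output"; }

# Weak pattern: fixed, predictable file name in a shared directory.
# A plain ">" redirect follows a symlink that already sits at that path.
configtest_weak() {
    dir=$1
    config_check > "$dir/dhcpd.configtest" 2>&1
}

# Hardened pattern: mktemp creates a new file with an unpredictable name
# and fails rather than reuse an existing path, so a pre-planted symlink
# is never opened.
configtest_hardened() {
    dir=$1
    out=$(mktemp "$dir/dhcpd.configtest.XXXXXX") || return 1
    config_check > "$out" 2>&1
    rm -f "$out"
}

# Build a sandbox in which the predictable name is already a symlink to a
# "victim" file, run the chosen pattern, then print the victim's content.
run_case() {
    pattern=$1
    sandbox=$(mktemp -d) || return 1
    echo "important data" > "$sandbox/victim"
    mkdir "$sandbox/tmp"
    ln -s "$sandbox/victim" "$sandbox/tmp/dhcpd.configtest"
    "configtest_$pattern" "$sandbox/tmp"
    cat "$sandbox/victim"
    rm -rf "$sandbox"
}

echo "weak:     $(run_case weak)"
echo "hardened: $(run_case hardened)"
```

In the weak case the victim file ends up holding the check output; in the hardened case it is unchanged.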
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-July/078196.html
https://lists.centos.org/pipermail/centos-announce/2009-July/078197.html
Affected packages:
dhclient
dhcp
dhcp-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1154
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | dhclient | < 3.0.1-10.2_EL3 | dhclient-3.0.1-10.2_EL3.i386.rpm |
CentOS | 3 | i386 | dhcp | < 3.0.1-10.2_EL3 | dhcp-3.0.1-10.2_EL3.i386.rpm |
CentOS | 3 | i386 | dhcp-devel | < 3.0.1-10.2_EL3 | dhcp-devel-3.0.1-10.2_EL3.i386.rpm |
CentOS | 3 | x86_64 | dhclient | < 3.0.1-10.2_EL3 | dhclient-3.0.1-10.2_EL3.x86_64.rpm |
CentOS | 3 | x86_64 | dhcp | < 3.0.1-10.2_EL3 | dhcp-3.0.1-10.2_EL3.x86_64.rpm |
CentOS | 3 | x86_64 | dhcp-devel | < 3.0.1-10.2_EL3 | dhcp-devel-3.0.1-10.2_EL3.x86_64.rpm |