Ubuntu Security Notice 803-2 - USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. Original advisory details: It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
c90a7824d2bd0d7a5899ee65553262f2b5893da989fde41ccb00958d6d18c356
Mandriva Linux Security Advisory 2009-312 - Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients. Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.
8f7faa2b9f8b97470be6e97549bff3776b3e4ccc56354a7b48c49e066c45bc19
ISC DHCP dhclient scripts_write_params() stack buffer overflow exploit.
2014e6abc56455168433974101c55c09624023f1879081dc6ce5c0c8823eb70e
VMware Security Advisory - VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues. And by multiple, we mean a very, very, very large amount of issues.
c2c6048aa6cecef0b2620603adc69c5932ea002bec08689597fb8904eaaf2bfa
Debian Security Advisory 1833-2 - The previous dhcp3 update (DSA-1833-1) did not properly apply the required changes to the stable (lenny) version. The old stable (etch) version is not affected by this problem.
d37dd1774bcb143ebca48d1d6561dd56f75caa2f740d1cadcd4ec7160c9f147f
ISC DHCP dhclient versions below 3.1.2p1 remote buffer overflow proof of concept exploit.
3349faa893f5026dc2f5ad7d730fa3755ae56fe23834c0c9677e3b5a0eee16fc
Mandriva Linux Security Advisory 2009-151 - Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. This update provides fixes for this vulnerability.
98776c6e9ca8bc462c14c4d5c6ece953c8013badfe78305791854e7e04b418fa
Ubuntu Security Notice USN-803-1 - It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
6a76b57fee039a37e6e55107383d34b3fd926c97e5f9f3613a05cc642474dc84
Debian Security Advisory 1833-1 - Several remote vulnerabilities have been discovered in ISC's DHCP implementation.
a5bf6269df32f7ce41c04a238c745c002b29ad7962e67156d2b36075df03f363
Gentoo Linux Security Advisory GLSA 200907-12 - A buffer overflow in dhclient as included in the ISC DHCP implementation allows for the remote execution of arbitrary code with root privileges. The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. Versions less than 3.1.1-r1 are affected.
6127c32fca4a29d6fa853d498b0364b4464edc5467524bf7481a893c7ba9b69d