Rapid7 Vulnerability & Exploit Database

RHSA-2003:011: Updated dhcp packages fix security vulnerabilities

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 01/17/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Several potential stack overflow vulnerabilities affect the ISC DHCPD server. This advisory provides fixed packages for Red Hat Linux 8.0.

The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent. DHCP is a protocol that allows devices to get their own network configuration information from a server.

The Internet Software Consortium has detected several potential vulnerabilities during an audit of the ISC DHCP server. These vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution.

Red Hat Linux 8.0 shipped with a version of DHCP that is vulnerable to these issues. All users of DHCP are advised to upgrade to the erratum packages, which contain a backported patch to correct these issues. Other versions of Red Hat Linux and Red Hat Linux Advanced Server are based on version 2 of DHCP and are therefore not vulnerable to these issues.

Solution(s)

  • redhat-upgrade-dhclient
  • redhat-upgrade-dhcp
  • redhat-upgrade-dhcp-devel
