=====================================================================
CERT-Renater Information Note No. 2007/VULN389
_____________________________________________________________________

DATE                  : 11/10/2007
HARDWARE PLATFORM(S)  : /
OPERATING SYSTEM(S)   : OpenBSD
======================================================================

---------------------------- Original message ----------------------------
Subject: Security fix for dhcpd
From:    "Todd C. Miller"
Date:    Tue, 9 October 2007 23:22
To:      security-announce@openbsd.org
--------------------------------------------------------------------------

Summary:
    Malicious DHCP clients on the local network could cause dhcpd(8)
    to corrupt its stack.

Impact:
    A DHCP client with a carefully chosen maximum message size that is
    less than the minimum IP MTU could lead to a buffer overflow in
    dhcpd(8). This could cause dhcpd(8) to crash or could potentially
    result in remote code execution.

Workaround:
    Disable dhcpd if it is enabled. Note that OpenBSD does not ship
    with dhcpd(8) enabled by default.

Fix:
    A fix has been committed to OpenBSD-current. Patches are available
    for OpenBSD 4.2, 4.1 and 4.0.

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/001_dhcpd.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/010_dhcpd.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/016_dhcpd.patch

Credits:
    The bug was found by Nahuel Riva and Gerardo Richarte of
    Core Security Technologies.
======================================================================

=========================================================
CERT-Renater reference servers
    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER            | tel : 01-53-94-20-44      +
+ 151 bd de l'Hopital     | fax : 01-53-94-20-41      +
+ 75013 Paris             | email: certsvp@renater.fr +
=========================================================
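Added illustration of the bug class named in the Impact section above: a server-side size derived from the client's "Maximum DHCP Message Size" option (option 57, RFC 2132) with an upper bound but no lower bound. This is example code written for this note; it is not the OpenBSD dhcpd(8) source or the content of the patches linked above. The 236-byte BOOTP fixed header and 4-byte cookie come from RFC 2131, the 576-byte floor is the "minimum IP MTU" the advisory refers to, and the 1500-byte reply buffer, the option bytes, and every function and macro name below are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed illustration of the bug class described in the advisory:
 * a server-side size derived from the client's "Maximum DHCP Message Size"
 * option (option 57, RFC 2132) with no lower bound. Not the OpenBSD dhcpd(8)
 * code or its patch. The 236-byte fixed header and 4-byte cookie come from
 * RFC 2131; the 576-byte floor is the "minimum IP MTU" the advisory refers to;
 * the 1500-byte reply buffer and all names below are this example's own.
 */

#define DHO_PAD                    0
#define DHO_DHCP_MSG_TYPE          53
#define DHO_DHCP_MAX_MESSAGE_SIZE  57
#define DHO_END                    255

#define DHCP_FIXED_LEN     236   /* BOOTP fixed header, RFC 2131 figure 1 */
#define DHCP_COOKIE_LEN    4     /* 99.130.83.99 magic cookie */
#define DHCP_OVERHEAD      (DHCP_FIXED_LEN + DHCP_COOKIE_LEN)
#define DHCP_MIN_MSG_SIZE  576   /* every DHCP client must accept this much */
#define DHCP_MAX_MSG_SIZE  1500  /* assumed size of the server's reply buffer */

/* Constructed DHCPDISCOVER option area (not a capture): message type, then
 * option 57 = 100, a "maximum message size" far below the 576-byte minimum. */
const uint8_t sample_opts[] = {
    DHO_DHCP_MSG_TYPE, 1, 1,                   /* DHCPDISCOVER */
    DHO_DHCP_MAX_MESSAGE_SIZE, 2, 0x00, 0x64,  /* max message size = 100 */
    DHO_END
};
const size_t sample_opts_len = sizeof(sample_opts);

/* Same shape without option 57, so the server falls back to the default. */
const uint8_t sample_opts_no57[] = { DHO_DHCP_MSG_TYPE, 1, 1, DHO_PAD, DHO_END };
const size_t sample_opts_no57_len = sizeof(sample_opts_no57);

/* Walk a raw option area and return the value of option 57, or 0 if absent
 * or malformed. Every length byte is bounds-checked so a truncated option
 * area cannot be read past `len`. */
uint16_t client_max_message_size(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == DHO_PAD)
            continue;
        if (code == DHO_END || i >= len)
            break;
        uint8_t olen = opts[i++];
        if (olen > len - i)            /* value would run past the buffer */
            break;
        if (code == DHO_DHCP_MAX_MESSAGE_SIZE && olen == 2)
            return (uint16_t)((opts[i] << 8) | opts[i + 1]);
        i += olen;
    }
    return 0;
}

/* Vulnerable pattern: the client's value is bounded only from above. Any
 * value below DHCP_OVERHEAD (240) makes the unsigned subtraction wrap to a
 * huge count, and the copy that uses it runs off the end of the buffer. */
size_t option_space_unchecked(uint16_t client_max)
{
    size_t main_buffer_size = client_max ? client_max : DHCP_MIN_MSG_SIZE;
    if (main_buffer_size > DHCP_MAX_MSG_SIZE)
        main_buffer_size = DHCP_MAX_MSG_SIZE;
    return main_buffer_size - DHCP_OVERHEAD;
}

/* Hardened pattern: never let the client shrink the message below 576. */
size_t option_space_clamped(uint16_t client_max)
{
    size_t main_buffer_size = client_max ? client_max : DHCP_MIN_MSG_SIZE;
    if (main_buffer_size < DHCP_MIN_MSG_SIZE)
        main_buffer_size = DHCP_MIN_MSG_SIZE;
    if (main_buffer_size > DHCP_MAX_MSG_SIZE)
        main_buffer_size = DHCP_MAX_MSG_SIZE;
    return main_buffer_size - DHCP_OVERHEAD;
}

/* Stand-in for the reply builder: fill `option_space` bytes of option area
 * behind the fixed header. Returns the reply length, or -1 if the requested
 * size would overrun the buffer (where the real overflow would occur). */
int emit_reply(size_t option_space)
{
    static uint8_t reply[DHCP_MAX_MSG_SIZE];
    if (option_space > sizeof(reply) - DHCP_OVERHEAD)
        return -1;
    memset(reply, 0, DHCP_OVERHEAD);
    memset(reply + DHCP_OVERHEAD, 0, option_space);
    return (int)(DHCP_OVERHEAD + option_space);
}

int main(void)
{
    uint16_t m = client_max_message_size(sample_opts, sample_opts_len);
    printf("client option 57 = %u\n", m);
    printf("unchecked option space: %zu -> reply %d\n",
           option_space_unchecked(m), emit_reply(option_space_unchecked(m)));
    printf("clamped   option space: %zu -> reply %d\n",
           option_space_clamped(m), emit_reply(option_space_clamped(m)));
    return 0;
}
```

With the constructed option 57 value of 100, the unchecked path wraps 100 - 240 to a count near SIZE_MAX and emit_reply() refuses it, which is the point at which an unguarded memcpy() would corrupt the stack; the clamped path raises the size to 576 first and produces a 576-byte reply. The lower bound is the check to look for when reviewing any DHCP server that honours option 57.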