Test ID:	1.3.6.1.4.1.25623.1.0.58682
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0970
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0970. The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows devices to get their own network configuration information from a server. A bug was found in the way dhcpd validates certain DHCP protocol options. A malicious DHCP client could send a carefully crafted DHCP request and cause dhcpd to crash or possibly execute arbitrary code. (CVE-2007-5365) All users of dhcp should upgrade to this updated package, which contains a backported patch that resolves this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0970.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5365 BugTraq ID: 25984 http://www.securityfocus.com/bid/25984 BugTraq ID: 32213 http://www.securityfocus.com/bid/32213 Bugtraq: 20071011 CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSDâ??s DHCP server (Google Search) http://www.securityfocus.com/archive/1/482085/100/100/threaded Bugtraq: 20071102 DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365) (Google Search) http://www.securityfocus.com/archive/1/483230/100/100/threaded Debian Security Information: DSA-1388 (Google Search) http://www.debian.org/security/2007/dsa-1388 https://www.exploit-db.com/exploits/4601 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962 OpenBSD Security Advisory: [4.0] 20071008 016: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata40.html#016_dhcpd OpenBSD Security Advisory: [4.1] 20071008 010: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata41.html#010_dhcpd OpenBSD Security Advisory: [4.2] 20071008 001: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata42.html#001_dhcpd https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5817 http://www.redhat.com/support/errata/RHSA-2007-0970.html http://www.securitytracker.com/id?1018794 http://securitytracker.com/id?1021157 http://secunia.com/advisories/27160 http://secunia.com/advisories/27273 http://secunia.com/advisories/27338 http://secunia.com/advisories/27350 http://secunia.com/advisories/32668 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1 http://www.ubuntu.com/usn/usn-531-1 http://www.ubuntu.com/usn/usn-531-2 http://www.vupen.com/english/advisories/2008/3088 XForce ISS Database: openbsd-dhcp-bo(37045) https://exchange.xforce.ibmcloud.com/vulnerabilities/37045
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.