 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.58685 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1388-3) |
| Summary: | The remote host is missing an update for the Debian 'dhcp' package(s) announced via the DSA-1388-3 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'dhcp' package(s) announced via the DSA-1388-3 advisory. Vulnerability Insight: The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available. For completeness, please find below the original advisory: It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn't correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code upon the DHCP server. For the stable distribution (etch), this problem has been fixed in version 2.0pl5-19.5etch2. For the unstable distribution (sid), this problem will be fixed shortly. Updates to the old stable version (sarge) are pending. We recommend that you upgrade your dhcp packages. Affected Software/OS: 'dhcp' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-5365 BugTraq ID: 25984 http://www.securityfocus.com/bid/25984 BugTraq ID: 32213 http://www.securityfocus.com/bid/32213 Bugtraq: 20071011 CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSDâ??s DHCP server (Google Search) http://www.securityfocus.com/archive/1/482085/100/100/threaded Bugtraq: 20071102 DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365) (Google Search) http://www.securityfocus.com/archive/1/483230/100/100/threaded Debian Security Information: DSA-1388 (Google Search) http://www.debian.org/security/2007/dsa-1388 https://www.exploit-db.com/exploits/4601 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962 OpenBSD Security Advisory: [4.0] 20071008 016: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata40.html#016_dhcpd OpenBSD Security Advisory: [4.1] 20071008 010: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata41.html#010_dhcpd OpenBSD Security Advisory: [4.2] 20071008 001: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata42.html#001_dhcpd https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5817 http://www.redhat.com/support/errata/RHSA-2007-0970.html http://www.securitytracker.com/id?1018794 http://securitytracker.com/id?1021157 http://secunia.com/advisories/27160 http://secunia.com/advisories/27273 http://secunia.com/advisories/27338 http://secunia.com/advisories/27350 http://secunia.com/advisories/32668 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1 http://www.ubuntu.com/usn/usn-531-1 http://www.ubuntu.com/usn/usn-531-2 http://www.vupen.com/english/advisories/2008/3088 XForce ISS Database: openbsd-dhcp-bo(37045) https://exchange.xforce.ibmcloud.com/vulnerabilities/37045 |
| Copyright | Copyright (C) 2008 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |