Vulnerabilities > CVE-2008-5010 - Remote Code Execution vulnerability in SUN Opensolaris and Solaris

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

sun

critical

nessus

exploit available

NVD

Published: 2008-11-10

Updated: 2017-09-29

Summary

in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Opensolaris Snv_01 SUN Opensolaris Snv_02 SUN Opensolaris Snv_03 SUN Opensolaris Snv_04 SUN Opensolaris Snv_05 SUN Opensolaris Snv_06 SUN Opensolaris Snv_07 SUN Opensolaris Snv_08 SUN Opensolaris Snv_09 SUN Opensolaris Snv_10 SUN Opensolaris Snv_11 SUN Opensolaris Snv_12 SUN Opensolaris Snv_13 SUN Opensolaris Snv_14 SUN Opensolaris Snv_15 SUN Opensolaris Snv_16 SUN Opensolaris Snv_17 SUN Opensolaris Snv_18 SUN Opensolaris Snv_19 SUN Opensolaris Snv_20 SUN Opensolaris Snv_21 SUN Opensolaris Snv_22 SUN Opensolaris Snv_23 SUN Opensolaris Snv_24 SUN Opensolaris Snv_25 SUN Opensolaris Snv_26 SUN Opensolaris Snv_27 SUN Opensolaris Snv_28 SUN Opensolaris Snv_29 SUN Opensolaris Snv_30 SUN Opensolaris Snv_31 SUN Opensolaris Snv_32 SUN Opensolaris Snv_33 SUN Opensolaris Snv_34 SUN Opensolaris Snv_35 SUN Opensolaris Snv_36 SUN Opensolaris Snv_37 SUN Opensolaris Snv_38 SUN Opensolaris Snv_39 SUN Opensolaris Snv_40 SUN Opensolaris Snv_41 SUN Opensolaris Snv_42 SUN Opensolaris Snv_43 SUN Opensolaris Snv_44 SUN Opensolaris Snv_45 SUN Opensolaris Snv_46 SUN Opensolaris Snv_47 SUN Opensolaris Snv_48 SUN Opensolaris Snv_49 SUN Opensolaris Snv_50 SUN Opensolaris Snv_51 SUN Opensolaris Snv_52 SUN Opensolaris Snv_53 SUN Opensolaris Snv_54 SUN Opensolaris Snv_55 SUN Opensolaris Snv_56 SUN Opensolaris Snv_57 SUN Opensolaris Snv_58 SUN Opensolaris Snv_59 SUN Opensolaris Snv_60 SUN Opensolaris Snv_61 SUN Opensolaris Snv_62 SUN Opensolaris Snv_63 SUN Opensolaris Snv_64 SUN Opensolaris Snv_65 SUN Opensolaris Snv_66 SUN Opensolaris Snv_67 SUN Opensolaris Snv_68 SUN Opensolaris Snv_69 SUN Opensolaris Snv_70 SUN Opensolaris Snv_71 SUN Opensolaris Snv_72 SUN Opensolaris Snv_73 SUN Opensolaris Snv_74 SUN Opensolaris Snv_75 SUN Opensolaris Snv_76 SUN Opensolaris Snv_77 SUN Opensolaris Snv_78 SUN Opensolaris Snv_79 SUN Opensolaris Snv_80 SUN Opensolaris Snv_81 SUN Opensolaris Snv_82 SUN Opensolaris Snv_83 SUN Opensolaris Snv_84 SUN Opensolaris Snv_85 SUN Opensolaris Snv_86 SUN Opensolaris Snv_87 SUN Opensolaris Snv_88 SUN Opensolaris Snv_89 SUN Opensolaris Snv_90 SUN Opensolaris Snv_91 SUN Opensolaris Snv_92 SUN Opensolaris Snv_93 SUN Opensolaris Snv_94 SUN Opensolaris Snv_95 SUN Opensolaris Snv_96 SUN Opensolaris Snv_97 SUN Opensolaris Snv_98 SUN Opensolaris Snv_99 SUN Opensolaris Snv_100 SUN Opensolaris Snv_101 SUN Opensolaris * SUN Solaris 8 SUN Solaris 9 SUN Solaris 10	210

Exploit-Db

description	Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit. CVE-2007-5365,CVE-2008-5010. Dos exploits for multiple platform
file	exploits/multiple/dos/4601.txt
id	EDB-ID:4601
last seen	2016-01-31
modified	2007-11-02
platform	multiple
port
published	2007-11-02
reporter	RoMaNSoFt
source	https://www.exploit-db.com/download/4601/
title	Ubuntu 6.06 DHCPd - Remote Denial of Service Exploit
type	dos

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1388.NASL
description	The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available. For completeness, please find below the original advisory : It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn
last seen	2020-06-01
modified	2020-06-02
plugin id	27515
published	2007-10-19
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27515
title	Debian DSA-1388-3 : dhcp - buffer overflow
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1388. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(27515); script_version("1.23"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-5365", "CVE-2008-5010"); script_xref(name:"DSA", value:"1388"); script_name(english:"Debian DSA-1388-3 : dhcp - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes updated packages based on a newer version of the patch available. For completeness, please find below the original advisory : It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn't correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code upon the DHCP server." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446354" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2007/dsa-1388" ); script_set_attribute( attribute:"solution", value: "Upgrade the dhcp packages. For the stable distribution (etch), this problem has been fixed in version 2.0pl5-19.5etch2. Updates to the old stable version (sarge) are pending." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dhcp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"dhcp", reference:"2.0pl5-19.5etch2")) flag++; if (deb_check(release:"3.1", prefix:"dhcp-client", reference:"2.0pl5-19.5etch2")) flag++; if (deb_check(release:"3.1", prefix:"dhcp-relay", reference:"2.0pl5-19.5etch2")) flag++; if (deb_check(release:"4.0", prefix:"dhcp", reference:"2.0pl5-19.5etch1")) flag++; if (deb_check(release:"4.0", prefix:"dhcp-client", reference:"2.0pl5-19.5etch1")) flag++; if (deb_check(release:"4.0", prefix:"dhcp-relay", reference:"2.0pl5-19.5etch1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-531-2.NASL
description	USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	28137
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28137
title	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : dhcp vulnerability (USN-531-2)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-531-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28137); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-5365", "CVE-2008-5010"); script_xref(name:"USN", value:"531-2"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : dhcp vulnerability (USN-531-2)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/531-2/" ); script_set_attribute( attribute:"solution", value:"Update the affected dhcp, dhcp-client and / or dhcp-relay packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp-relay"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06\|6\.10\|7\.04\|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"dhcp", pkgver:"2.0pl5-19.4ubuntu0.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"dhcp-client", pkgver:"2.0pl5-19.4ubuntu0.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"dhcp-relay", pkgver:"2.0pl5-19.4ubuntu0.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dhcp", pkgver:"2.0pl5-19.4ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dhcp-client", pkgver:"2.0pl5-19.4ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dhcp-relay", pkgver:"2.0pl5-19.4ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"dhcp", pkgver:"2.0pl5-19.5ubuntu2.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"dhcp-client", pkgver:"2.0pl5-19.5ubuntu2.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"dhcp-relay", pkgver:"2.0pl5-19.5ubuntu2.2")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"dhcp", pkgver:"2.0pl5dfsg1-20ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"dhcp-client", pkgver:"2.0pl5dfsg1-20ubuntu1.2")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"dhcp-relay", pkgver:"2.0pl5dfsg1-20ubuntu1.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp / dhcp-client / dhcp-relay"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_109077.NASL
description	SunOS 5.8: dhcp server and admin patch. Date this patch was last updated by Sun : Nov/06/08
last seen	2020-06-01
modified	2020-06-02
plugin id	13310
published	2004-07-12
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13310
title	Solaris 8 (sparc) : 109077-21
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13310); script_version("1.38"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5365", "CVE-2008-5010"); script_name(english:"Solaris 8 (sparc) : 109077-21"); script_summary(english:"Check for patch 109077-21"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109077-21" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: dhcp server and admin patch. Date this patch was last updated by Sun : Nov/06/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/109077-21" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109077-21", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109077-21", obsoleted_by:"", package:"SUNWdhcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109077-21", obsoleted_by:"", package:"SUNWdhcm", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109077-21", obsoleted_by:"", package:"SUNWdhcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109077-21", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109077-21", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-531-1.NASL
description	Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	28136
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28136
title	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : dhcp vulnerability (USN-531-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-531-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28136); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-5365", "CVE-2008-5010"); script_xref(name:"USN", value:"531-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : dhcp vulnerability (USN-531-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/531-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected dhcp, dhcp-client and / or dhcp-relay packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dhcp-relay"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06\|6\.10\|7\.04\|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"dhcp", pkgver:"2.0pl5-19.4ubuntu0.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"dhcp-client", pkgver:"2.0pl5-19.4ubuntu0.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"dhcp-relay", pkgver:"2.0pl5-19.4ubuntu0.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dhcp", pkgver:"2.0pl5-19.4ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dhcp-client", pkgver:"2.0pl5-19.4ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dhcp-relay", pkgver:"2.0pl5-19.4ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"dhcp", pkgver:"2.0pl5-19.5ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"dhcp-client", pkgver:"2.0pl5-19.5ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"dhcp-relay", pkgver:"2.0pl5-19.5ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"dhcp", pkgver:"2.0pl5dfsg1-20ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"dhcp-client", pkgver:"2.0pl5dfsg1-20ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"dhcp-relay", pkgver:"2.0pl5dfsg1-20ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp / dhcp-client / dhcp-relay"); }

Oval

accepted

2008-12-29T04:00:19.867-05:00

class

vulnerability

contributors

name	Pai Peng
organization	Hewlett-Packard

definition_extensions

comment Solaris 8 (SPARC) is installed
oval oval:org.mitre.oval:def:1539
comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 8 (x86) is installed
oval oval:org.mitre.oval:def:2059
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:5668

status

accepted

submitted

2008-11-12T10:55:27.000-05:00

title

Security Vulnerabilities in DHCP Handling of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP Service

version

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

References