Vulnerabilities > CVE-2009-0692 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ISC Dhcp
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability. CVE-2009-0692. Remote exploits for multiple platform id EDB-ID:10015 last seen 2016-02-01 modified 2009-11-10 published 2009-11-10 reporter Jon Oberheide source https://www.exploit-db.com/download/10015/ title ISC DHCP 'dhclient' 'script_write_params' - Stack Buffer Overflow Vulnerability description ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC. CVE-2009-0692. Dos exploit for linux platform id EDB-ID:9265 last seen 2016-02-01 modified 2009-07-27 published 2009-07-27 reporter Jon Oberheide source https://www.exploit-db.com/download/9265/ title ISC DHCP dhclient < 3.1.2p1 - Remote Buffer Overflow PoC
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-9075.NASL description Do not require policycoreutils when installing dhcp or dhclient packages. If you have the package installed, the /sbin/restorecon program will be used by dhclient-script and the dhcpd init script. This update to the dhcp package includes fixes for CVE-2009-0692 and CVE-2009-1892. More information on these issues are available here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892 Note: CVE-2009-0692 had no security consequences on Fedora, thanks to the use of FORTIFY_SOURCE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42454 published 2009-11-11 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42454 title Fedora 11 : dhcp-4.1.0p1-4.fc11 (2009-9075) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1833.NASL description Several remote vulnerabilities have been discovered in ISC last seen 2020-06-01 modified 2020-06-02 plugin id 44698 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44698 title Debian DSA-1833-1 : dhcp3 - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_DHCP-090626.NASL description The DHCP client (dhclient) could be crashed by a malicious DHCP server sending a overlong subnet field. (CVE-2009-0692) In some circumstances code execution might be possible, but might is likely caught by the buffer overflow checking of the FORTIFY_SOURCE extension. last seen 2020-06-01 modified 2020-06-02 plugin id 40212 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40212 title openSUSE Security Update : dhcp (dhcp-1067) NASL family SuSE Local Security Checks NASL id SUSE_11_DHCP-CLIENT-090626.NASL description The DHCP client (dhclient) could be crashed by a malicious DHCP server sending a overlong subnet field. (CVE-2009-0692) In some circumstances code execution might be possible, but might be caught by the buffer overflow checking in newer distributions. (SLES 10 and 11). last seen 2020-06-01 modified 2020-06-02 plugin id 41383 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41383 title SuSE 11 Security Update : dhcp-client (SAT Patch Number 1041) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-803-1.NASL description It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the last seen 2020-06-01 modified 2020-06-02 plugin id 39800 published 2009-07-15 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39800 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : dhcp3 vulnerability (USN-803-1) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0014.NASL description a. Service Console update for DHCP and third-party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon last seen 2020-06-01 modified 2020-06-02 plugin id 42179 published 2009-10-19 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42179 title VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C444C8B7716911DE9AB7000C29A67389.NASL description US-CERT reports : The ISC DHCP dhclient application contains a stack-based buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 39802 published 2009-07-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39802 title FreeBSD : isc-dhcp-client -- Stack overflow vulnerability (c444c8b7-7169-11de-9ab7-000c29a67389) NASL family SuSE Local Security Checks NASL id SUSE_DHCP-6336.NASL description The DHCP client (dhclient) could be crashed by a malicious DHCP server sending a overlong subnet field. (CVE-2009-0692) In some circumstances code execution might be possible, but might is likely caught by the buffer overflow checking of the FORTIFY_SOURCE extension. last seen 2020-06-01 modified 2020-06-02 plugin id 41996 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41996 title openSUSE 10 Security Update : dhcp (dhcp-6336) NASL family SuSE Local Security Checks NASL id SUSE_11_0_DHCP-090626.NASL description The DHCP client (dhclient) could be crashed by a malicious DHCP server sending a overlong subnet field. (CVE-2009-0692) In some circumstances code execution might be possible, but might is likely caught by the buffer overflow checking of the FORTIFY_SOURCE extension. last seen 2020-06-01 modified 2020-06-02 plugin id 39950 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39950 title openSUSE Security Update : dhcp (dhcp-1067) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1154.NASL description Updated dhcp packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) An insecure temporary file use flaw was discovered in the DHCP daemon last seen 2020-06-01 modified 2020-06-02 plugin id 39801 published 2009-07-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39801 title CentOS 3 : dhcp (CESA-2009:1154) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1154.NASL description From Red Hat Security Advisory 2009:1154 : Updated dhcp packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) An insecure temporary file use flaw was discovered in the DHCP daemon last seen 2020-06-01 modified 2020-06-02 plugin id 67891 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67891 title Oracle Linux 3 : dhcp (ELSA-2009-1154) NASL family Scientific Linux Local Security Checks NASL id SL_20090714_DHCP_ON_SL3_X.NASL description The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) An insecure temporary file use flaw was discovered in the DHCP daemon last seen 2020-06-01 modified 2020-06-02 plugin id 60615 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60615 title Scientific Linux Security Update : dhcp on SL3.x, SL4.x i386/x86_64 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-803-2.NASL description USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the last seen 2020-06-01 modified 2020-06-02 plugin id 44326 published 2010-01-28 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44326 title Ubuntu 8.10 / 9.04 / 9.10 : dhcp3 vulnerability (USN-803-2) NASL family Misc. NASL id VMWARE_VMSA-2009-0014_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - ISC DHCP dhclient - Integrated Services Digital Network (ISDN) subsystem - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Web Start - Linux kernel - Linux kernel 32-bit and 64-bit emulation - Linux kernel Simple Internet Transition INET6 - Linux kernel tty - Linux kernel virtual file system (VFS) - Red Hat dhcpd init script for DHCP - SBNI WAN driver last seen 2020-06-01 modified 2020-06-02 plugin id 89116 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89116 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8344.NASL description This update to the dhcp package includes fixes for CVE-2009-0692 and CVE-2009-1892. More information on these issues are available here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892 Note: CVE-2009-0692 had no security consequences on Fedora, thanks to the use of FORTIFY_SOURCE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40774 published 2009-08-26 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40774 title Fedora 10 : dhcp-4.0.0-37.fc10 (2009-8344) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-312.NASL description A vulnerability has been found and corrected in ISC DHCP : Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients (CVE-2007-0062). Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option (CVE-2009-0692). ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially crafted DHCP requests to cause the server to stop responding (CVE-2009-1892). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides fixes for this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 42998 published 2009-12-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42998 title Mandriva Linux Security Advisory : dhcp (MDVSA-2009:312) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1136.NASL description From Red Hat Security Advisory 2009:1136 : Updated dhcp packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67886 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67886 title Oracle Linux 4 : dhcp (ELSA-2009-1136) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200907-12.NASL description The remote host is affected by the vulnerability described in GLSA-200907-12 (ISC DHCP: dhcpclient Remote execution of arbitrary code) The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. Impact : A remote attacker might set up a rogue DHCP server in a victim last seen 2020-06-01 modified 2020-06-02 plugin id 39797 published 2009-07-15 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39797 title GLSA-200907-12 : ISC DHCP: dhcpclient Remote execution of arbitrary code NASL family SuSE Local Security Checks NASL id SUSE_DHCP-6335.NASL description The DHCP client (dhclient) could be crashed by a malicious DHCP server sending a overlong subnet field. (CVE-2009-0692) In some circumstances code execution might be possible, but might be caught by the buffer overflow checking in newer distributions. (SLES 10 and 11). last seen 2020-06-01 modified 2020-06-02 plugin id 41502 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41502 title SuSE 10 Security Update : dhclient (ZYPP Patch Number 6335) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1136.NASL description Updated dhcp packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 39798 published 2009-07-15 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39798 title RHEL 4 : dhcp (RHSA-2009:1136) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1154.NASL description Updated dhcp packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) An insecure temporary file use flaw was discovered in the DHCP daemon last seen 2020-06-01 modified 2020-06-02 plugin id 39799 published 2009-07-15 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39799 title RHEL 3 : dhcp (RHSA-2009:1154) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-151.NASL description A vulnerability has been found and corrected in ISC DHCP : Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option (CVE-2009-0692). This update provides fixes for this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 39804 published 2009-07-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39804 title Mandriva Linux Security Advisory : dhcp (MDVSA-2009:151) NASL family SuSE Local Security Checks NASL id SUSE9_12447.NASL description The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field. Under some circumstances remote code execution might be possible by exploiting the resulting buffer overflow. This issue has been tracked by CVE-2009-0692. last seen 2020-06-01 modified 2020-06-02 plugin id 41310 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41310 title SuSE9 Security Update : dhcp-client (YOU Patch Number 12447) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2009-195-01.NASL description New dhcp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue with dhclient. Note that dhclient is not the default DHCP client in Slackware last seen 2020-06-01 modified 2020-06-02 plugin id 39796 published 2009-07-15 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39796 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : dhcp (SSA:2009-195-01)
Oval
accepted 2013-04-29T04:08:26.614-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. family unix id oval:org.mitre.oval:def:10758 status accepted submitted 2010-07-09T03:56:16-04:00 title Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. version 27 accepted 2010-01-11T04:01:30.677-05:00 class vulnerability contributors name Michael Wood organization Hewlett-Packard definition_extensions comment VMWare ESX Server 3.0.3 is installed oval oval:org.mitre.oval:def:6026 comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887
description Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. family unix id oval:org.mitre.oval:def:5941 status accepted submitted 2009-09-23T15:39:02.000-04:00 title DHCP dhclient Stack Overflow in script_write_params() Lets Remote Users Execute Arbitrary Code version 4
Packetstorm
| data source | https://packetstormsecurity.com/files/download/79651/iscdhcp-overflow.txt |
| id | PACKETSTORM:79651 |
| last seen | 2016-12-05 |
| published | 2009-07-28 |
| reporter | Jon Oberheide |
| source | https://packetstormsecurity.com/files/79651/ISC-DHCP-dhclient-Buffer-Overflow.html |
| title | ISC DHCP dhclient Buffer Overflow |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
bulletinFamily exploit description No description provided by source. id SSV:66748 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-66748 title ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC bulletinFamily exploit description No description provided by source. id SSV:67020 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-67020 title ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability bulletinFamily exploit description No description provided by source. id SSV:14375 last seen 2017-11-19 modified 2009-11-10 published 2009-11-10 reporter Root source https://www.seebug.org/vuldb/ssvid-14375 title ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability bulletinFamily exploit description No description provided by source. id SSV:11889 last seen 2017-11-19 modified 2009-07-28 published 2009-07-28 reporter Root source https://www.seebug.org/vuldb/ssvid-11889 title ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-07-16 |
| organization | Red Hat |
| statement | This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network: https://rhn.redhat.com/errata/CVE-2009-0692.html This issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination. |
References
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html
- http://secunia.com/advisories/35785
- http://secunia.com/advisories/35829
- http://secunia.com/advisories/35830
- http://secunia.com/advisories/35831
- http://secunia.com/advisories/35832
- http://secunia.com/advisories/35841
- http://secunia.com/advisories/35849
- http://secunia.com/advisories/35850
- http://secunia.com/advisories/35851
- http://secunia.com/advisories/35880
- http://secunia.com/advisories/36457
- http://secunia.com/advisories/37342
- http://secunia.com/advisories/40551
- http://security.gentoo.org/glsa/glsa-200907-12.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471
- http://www.debian.org/security/2009/dsa-1833
- http://www.kb.cert.org/vuls/id/410676
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:151
- http://www.osvdb.org/55819
- http://www.redhat.com/support/errata/RHSA-2009-1136.html
- http://www.redhat.com/support/errata/RHSA-2009-1154.html
- http://www.securityfocus.com/bid/35668
- http://www.securitytracker.com/id?1022548
- http://www.ubuntu.com/usn/usn-803-1
- http://www.vupen.com/english/advisories/2009/1891
- http://www.vupen.com/english/advisories/2010/1796
- https://bugzilla.redhat.com/show_bug.cgi?id=507717
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941
- https://www.isc.org/downloadables/12
- https://www.isc.org/node/468
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html