Test ID:	1.3.6.1.4.1.25623.1.0.59221
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-531-1 (dhcp)
Summary:	Ubuntu USN-531-1 (dhcp)
Description:	Description: The remote host is missing an update to dhcp announced via advisory USN-531-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: dhcp 2.0pl5-19.4ubuntu0.1 Ubuntu 6.10: dhcp 2.0pl5-19.4ubuntu1.1 Ubuntu 7.04: dhcp 2.0pl5-19.5ubuntu2.1 Ubuntu 7.10: dhcp 2.0pl5dfsg1-20ubuntu1.1 In general, a standard system upgrade is sufficient to affect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-531-1 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5365 Bugtraq: 20071011 CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSDâ??s DHCP server (Google Search) http://www.securityfocus.com/archive/1/archive/1/482085/100/100/threaded Bugtraq: 20071102 DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365) (Google Search) http://www.securityfocus.com/archive/1/archive/1/483230/100/100/threaded http://www.milw0rm.com/exploits/4601 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962 Debian Security Information: DSA-1388 (Google Search) http://www.debian.org/security/2007/dsa-1388 OpenBSD Security Advisory: [4.0] 20071008 016: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata40.html#016_dhcpd OpenBSD Security Advisory: [4.1] 20071008 010: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata41.html#010_dhcpd OpenBSD Security Advisory: [4.2] 20071008 001: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata42.html#001_dhcpd http://www.redhat.com/support/errata/RHSA-2007-0970.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1 http://www.ubuntu.com/usn/usn-531-1 http://www.ubuntu.com/usn/usn-531-2 BugTraq ID: 25984 http://www.securityfocus.com/bid/25984 BugTraq ID: 32213 http://www.securityfocus.com/bid/32213 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5817 http://www.vupen.com/english/advisories/2008/3088 http://www.securitytracker.com/id?1018794 http://securitytracker.com/id?1021157 http://secunia.com/advisories/27160 http://secunia.com/advisories/27273 http://secunia.com/advisories/27350 http://secunia.com/advisories/27338 http://secunia.com/advisories/32668 XForce ISS Database: openbsd-dhcp-bo(37045) http://xforce.iss.net/xforce/xfdb/37045
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: