Test ID:	1.3.6.1.4.1.25623.1.0.59224
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-531-2 (dhcp)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to dhcp announced via advisory USN-531-2. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Original advisory details: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: dhcp 2.0pl5-19.4ubuntu0.2 Ubuntu 6.10: dhcp 2.0pl5-19.4ubuntu1.2 Ubuntu 7.04: dhcp 2.0pl5-19.5ubuntu2.2 Ubuntu 7.10: dhcp 2.0pl5dfsg1-20ubuntu1.2 In general, a standard system upgrade is sufficient to affect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-531-2 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5365 BugTraq ID: 25984 http://www.securityfocus.com/bid/25984 BugTraq ID: 32213 http://www.securityfocus.com/bid/32213 Bugtraq: 20071011 CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSDâ??s DHCP server (Google Search) http://www.securityfocus.com/archive/1/482085/100/100/threaded Bugtraq: 20071102 DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365) (Google Search) http://www.securityfocus.com/archive/1/483230/100/100/threaded Debian Security Information: DSA-1388 (Google Search) http://www.debian.org/security/2007/dsa-1388 https://www.exploit-db.com/exploits/4601 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962 OpenBSD Security Advisory: [4.0] 20071008 016: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata40.html#016_dhcpd OpenBSD Security Advisory: [4.1] 20071008 010: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata41.html#010_dhcpd OpenBSD Security Advisory: [4.2] 20071008 001: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata42.html#001_dhcpd https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5817 http://www.redhat.com/support/errata/RHSA-2007-0970.html http://www.securitytracker.com/id?1018794 http://securitytracker.com/id?1021157 http://secunia.com/advisories/27160 http://secunia.com/advisories/27273 http://secunia.com/advisories/27338 http://secunia.com/advisories/27350 http://secunia.com/advisories/32668 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1 http://www.ubuntu.com/usn/usn-531-1 http://www.ubuntu.com/usn/usn-531-2 http://www.vupen.com/english/advisories/2008/3088 XForce ISS Database: openbsd-dhcp-bo(37045) https://exchange.xforce.ibmcloud.com/vulnerabilities/37045
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.