Test ID:	1.3.6.1.4.1.25623.1.0.840181
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-531-2)
Summary:	The remote host is missing an update for the 'dhcp' package(s) announced via the USN-531-2 advisory.
Description:	Summary: The remote host is missing an update for the 'dhcp' package(s) announced via the USN-531-2 advisory. Vulnerability Insight: USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Original advisory details: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Affected Software/OS: 'dhcp' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5365 BugTraq ID: 25984 http://www.securityfocus.com/bid/25984 BugTraq ID: 32213 http://www.securityfocus.com/bid/32213 Bugtraq: 20071011 CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSDâ??s DHCP server (Google Search) http://www.securityfocus.com/archive/1/482085/100/100/threaded Bugtraq: 20071102 DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365) (Google Search) http://www.securityfocus.com/archive/1/483230/100/100/threaded Debian Security Information: DSA-1388 (Google Search) http://www.debian.org/security/2007/dsa-1388 https://www.exploit-db.com/exploits/4601 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1962 OpenBSD Security Advisory: [4.0] 20071008 016: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata40.html#016_dhcpd OpenBSD Security Advisory: [4.1] 20071008 010: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata41.html#010_dhcpd OpenBSD Security Advisory: [4.2] 20071008 001: SECURITY FIX: October 8, 2007 http://www.openbsd.org/errata42.html#001_dhcpd https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5817 http://www.redhat.com/support/errata/RHSA-2007-0970.html http://www.securitytracker.com/id?1018794 http://securitytracker.com/id?1021157 http://secunia.com/advisories/27160 http://secunia.com/advisories/27273 http://secunia.com/advisories/27338 http://secunia.com/advisories/27350 http://secunia.com/advisories/32668 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1 http://www.ubuntu.com/usn/usn-531-1 http://www.ubuntu.com/usn/usn-531-2 http://www.vupen.com/english/advisories/2008/3088 XForce ISS Database: openbsd-dhcp-bo(37045) https://exchange.xforce.ibmcloud.com/vulnerabilities/37045
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.