View Full Version : USN-531-2: dhcp vulnerability

October 23rd, 2007, 10:20 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-531-2 October 23, 2007 dhcp vulnerability CVE-2007-5365 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: dhcp 2.0pl5-19.4ubuntu0.2 Ubuntu 6.10: dhcp 2.0pl5-19.4ubuntu1.2 Ubuntu 7.04: dhcp 2.0pl5-19.5ubuntu2.2 Ubuntu 7.10: dhcp 2.0pl5dfsg1-20ubuntu1.2 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Original advisory details: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.

More... (http://www.ubuntu.com/usn/usn-531-2)