[SECURITY] [DSA 584-1] New dhcp packages fix format string vulnerability

From: Martin Schulze (joey_at_infodrom.org)
Date: 11/04/04

Next message: Thierry Carrez: "[ GLSA 200411-08 ] GD: Integer overflow"

Previous message: Conectiva Updates: "[CLA-2004:883] Conectiva Security Announcement - subversion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 4 Nov 2004 18:28:41 +0100 (CET)
To: bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 584-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 4th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : dhcp
Vulnerability : format string vulnerability
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1006

"infamous41md" noticed that the log functions in dhcp 2.x, which is
still distributed in the stable Debian release, contained pass
parameters to function that use format strings. One use seems to be
exploitable in connection with a malicious DNS server.

For the stable distribution (woody) these problems have been fixed in
version 2.0pl5-11woody1.

For the unstable distribution (sid) these problems have been fixed in
version 2.0pl5-19.1.

We recommend that you upgrade your dhcp package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.dsc
      Size/MD5 checksum: 683 9fbc12c28d4c973fc85157331c26aae5
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.diff.gz
      Size/MD5 checksum: 48678 11af0bf9045654e302da7704d856ead4
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
      Size/MD5 checksum: 294909 ab22f363a7aff924e2cc9d1019a21498

Alpha architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_alpha.deb
      Size/MD5 checksum: 230656 6c7c2c912063527503ca64b59e3a58ac
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_alpha.deb
      Size/MD5 checksum: 215658 24dabab111aec962caacf5a793d15338
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_alpha.deb
      Size/MD5 checksum: 159940 a447290821e3737d567c5949f7ca9966

ARM architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_arm.deb
      Size/MD5 checksum: 211188 636b1709fbb6cea278b4248130e320c0
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_arm.deb
      Size/MD5 checksum: 198582 e0efe5b93e0ecbc34caec0c7a15c9700
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_arm.deb
      Size/MD5 checksum: 148746 0ce691f9f921277d9b526161921999c3

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_i386.deb
      Size/MD5 checksum: 204550 9dd0affebf04890280d57cc27221d12c
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_i386.deb
      Size/MD5 checksum: 192092 8f70ab57e89a22dd7b9ce5c1d9f51a35
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_i386.deb
      Size/MD5 checksum: 144962 c03163e469f7477f4479d2400a16ea5e

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_ia64.deb
      Size/MD5 checksum: 295214 483b1ad144c76ac994c3db46d0dce32f
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_ia64.deb
      Size/MD5 checksum: 277702 31597876b5623a7d1b24b28db3fc4e55
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_ia64.deb
      Size/MD5 checksum: 197380 00747f82e74e9b8856b9676d9c14124f

HP Precision architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_hppa.deb
      Size/MD5 checksum: 209292 317aeeacb930a39d7d2dc5e59c532f3a
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_hppa.deb
      Size/MD5 checksum: 197714 4ba10395c93aae31d4c27fa193964a65
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_hppa.deb
      Size/MD5 checksum: 149114 322771b83583570cd6f350ba6a1e4b0f

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_m68k.deb
      Size/MD5 checksum: 200208 c931a802045b2be93488bd45b6dc4eed
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_m68k.deb
      Size/MD5 checksum: 188024 d25022b06425b4717d7e884fe44403d2
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_m68k.deb
      Size/MD5 checksum: 143126 dd38b9e0ea2ecd5455e3c506e259d41a

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_mips.deb
      Size/MD5 checksum: 217844 fa15e8387bb50f9011f8bda8110bc0e6
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_mips.deb
      Size/MD5 checksum: 205468 36b92f32880cc70bb1ce7277f393df0e
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_mips.deb
      Size/MD5 checksum: 154020 cb8cd4947dbfc2b65991095e8a35c36f

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_mipsel.deb
      Size/MD5 checksum: 217290 67f7e6c6d879b533936f70711ee48c4c
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_mipsel.deb
      Size/MD5 checksum: 204742 5c654f6cb04582739fc3aa445a865243
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_mipsel.deb
      Size/MD5 checksum: 153376 0672d189292961527c0d06b14db6f781

PowerPC architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_powerpc.deb
      Size/MD5 checksum: 205052 fe96048ef94b2a8b99fa54539b0455b5
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_powerpc.deb
      Size/MD5 checksum: 192580 94c021c9da018495aa462d27e3078bb1
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_powerpc.deb
      Size/MD5 checksum: 145924 2a95b2aad76a2578e7ade66f65e39f33

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_s390.deb
      Size/MD5 checksum: 207858 8770a183836bc33dd38f78375b47dca7
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_s390.deb
      Size/MD5 checksum: 195460 c7ea6dfb54bad5e2855f774cdc40cb8d
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_s390.deb
      Size/MD5 checksum: 148234 b6b2b6feb6477ad485c9f5a3145c9da1

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_sparc.deb
      Size/MD5 checksum: 212454 185e57de8c23336e25b50251e42ea317
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_sparc.deb
      Size/MD5 checksum: 200980 4f8eadd993129822ebc700348d10f7d8
    http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_sparc.deb
      Size/MD5 checksum: 153904 8cb3d4a775bedaf06bdbaea21f765448

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBimbIW5ql+IAeqTIRAvvHAJwP0/wgsE7/1UB9WNApOShda4X4UwCgl1l+
RLloUIuoWFERWLbeQ21KcHE=
=n41j
-----END PGP SIGNATURE-----

Next message: Thierry Carrez: "[ GLSA 200411-08 ] GD: Integer overflow"

Previous message: Conectiva Updates: "[CLA-2004:883] Conectiva Security Announcement - subversion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable
... Paul Aurich and Samuele Giovanni Tonon discovered a serious security ... The stable distribution, the old stable ... As stated in the Debian security team FAQ, ... Architecture independent components: ...
(Bugtraq)
[Full-Disclosure] [SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/u
... Paul Aurich and Samuele Giovanni Tonon discovered a serious security ... The stable distribution, the old stable ... As stated in the Debian security team FAQ, ... Architecture independent components: ...
(Full-Disclosure)
[SECURITY] [DSA 112-1] New hanterm packages fix buffer overflow
... A set of buffer overflow problems have been found in hanterm, ... Debian distribution. ... If you are using the apt-get package manager, ... Alpha architecture: ...
(Bugtraq)
[SECURITY] [DSA 108-1] New wmtv packages fix symlink vulnerability
... Nicolas Boullis found some security problems in the wmtv package (a ... If you are using the apt-get package manager, ... Debian GNU/Linux 2.2 alias potato ... Alpha architecture: ...
(Bugtraq)
[SECURITY] [DSA 116-1] New CFS packages fix security problems
... Vulnerability: buffer overflow ... This problem has been fixed in version 1.3.3-8.1 for the stable Debian ... If you are using the apt-get package manager, ... Alpha architecture: ...
(Bugtraq)