Bug 152835 - CAN-2004-1006 dhcp format string vulnerability
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: dhcp
Version: rhl7.3
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: LEGACY, rh73
Keywords: Security
Reported: 2004-11-08 15:02 EST by Charles R. Anderson
Modified: 2007-04-18 13:22 EDT
Doc Type: Bug Fix
Last Closed: 2005-07-10 17:29:41 EDT

Description David Lawrence 2005-03-30 18:29:07 EST
"infamous41md" noticed that the log functions in dhcp 2.x pass parameters to a
function that uses format strings. One use seems to be exploitable in connection
with a malicious DNS server.

http://www.debian.org/security/2004/dsa-584
http://secunia.com/advisories/13112/

ISC has released an advisory on this topic:

http://marc.theaimsgroup.com/?l=dhcp-announce&m=109996073218290&w=2

Red Hat Linux 7.3 is the only Legacy-supported release affected.
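
The bug class described above, shown as an added example that is not part of the original report, the dhcp source, or the ISC patch. The wrapper shape and the names `sink`, `log_flawed`, `log_fixed` and `sample_name` are assumptions made for illustration:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(): the first argument is a format. */
static char last_line[256];
static void sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Flawed: the text is formatted into mbuf, then mbuf itself becomes the
 * sink's format, so a '%' that arrived inside logged data is parsed again. */
const char *log_flawed(const char *fmt, ...)
{
    char mbuf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(mbuf, sizeof mbuf, fmt, ap);
    va_end(ap);
    sink(mbuf);
    return last_line;
}

/* Corrected: mbuf is passed as data under a constant "%s" format. */
const char *log_fixed(const char *fmt, ...)
{
    char mbuf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(mbuf, sizeof mbuf, fmt, ap);
    va_end(ap);
    sink("%s", mbuf);
    return last_line;
}

/* Constructed sample name, as a DNS lookup might return it. "%%" consumes
 * no argument, so even the flawed path stays well defined here. */
static const char sample_name[] = "host%%25.example.test";

int main(void)
{
    printf("flawed: %s\n", log_flawed("lookup returned %s", sample_name));
    printf("fixed:  %s\n", log_fixed("lookup returned %s", sample_name));
    return 0;
}
```

The flawed wrapper silently rewrites `%%` to `%`, which shows that remote data is being interpreted as a format; with any other conversion the sink would read arguments that were never passed. The corrected wrapper logs the name byte for byte.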



------- Additional Comments From cra@wpi.edu 2004-11-08 15:10:27 ----

Patch available here:

ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch
ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch.asc




------- Additional Comments From pekkas@netcore.fi 2004-12-19 10:29:29 ----

Minimal-change packages created for RHL73 with the patch added.

http://www.netcore.fi/pekkas/linux/dhcp-2.0pl5-8.1.legacy.i386.rpm
http://www.netcore.fi/pekkas/linux/dhcp-2.0pl5-8.1.legacy.src.rpm

Changelog:

* Sun Dec 19 2004 Pekka Savola <pekkas@netcore.fi> 1:2.0pl5-8.1.legacy
- add ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch to
  fix CAN-2004-1006

SHA1sums:
1c47b6cbffa953e201a9d46ed4f62b3784e4bd92  dhcp-2.0pl5-8.1.legacy.i386.rpm
2e8fce19ea58a7c1957d866afdbaa3656202e463  dhcp-2.0pl5-8.1.legacy.src.rpm



------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-02 16:39:00 ----

I did QA on the new packages:

2e8fce19ea58a7c1957d866afdbaa3656202e463  dhcp-2.0pl5-8.1.legacy.src.rpm

- Source files match previous release
- Patch file matches upstream
- Spec file changes are good

+PUBLISH





------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-05 04:55:56 ----

Packages were pushed to updates-testing



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:29 -------

This bug previously known as bug 2251 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2251
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Pekka Savola 2005-06-29 04:58:09 EDT
Quick test on RHL73.  After the upgrade,
DHCP client still seems to work as normal. +VERIFY RHL73
 
Comment 2 Marc Deslauriers 2005-07-10 17:29:41 EDT
Packages were officially released.
