Bug 152835 - CAN-2004-1006 dhcp format string vulnerability
Summary: CAN-2004-1006 dhcp format string vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: dhcp
Version: rhl7.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: LEGACY, rh73
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-08 20:02 UTC by Charles R. Anderson
Modified: 2007-04-18 17:22 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-10 21:29:41 UTC
Embargoed:

Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:29:07 UTC 
"infamous41md" noticed that the log functions in dhcp 2.x pass parameters to a
function that uses format strings. One use seems to be exploitable in connection
with a malicious DNS server.

http://www.debian.org/security/2004/dsa-584
http://secunia.com/advisories/13112/

ISC has released an advisory on this topic:

http://marc.theaimsgroup.com/?l=dhcp-announce&m=109996073218290&w=2

Red Hat Linux 7.3 is the only Legacy-supported release affected.



------- Additional Comments From cra 2004-11-08 15:10:27 ----

Patch available here:

ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch
ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch.asc




------- Additional Comments From pekkas 2004-12-19 10:29:29 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Minimal-change packages created for RHL73 with the patch added.

http://www.netcore.fi/pekkas/linux/dhcp-2.0pl5-8.1.legacy.i386.rpm
http://www.netcore.fi/pekkas/linux/dhcp-2.0pl5-8.1.legacy.src.rpm

Changelog:

* Sun Dec 19 2004 Pekka Savola <pekkas> 1:2.0pl5-8.1.legacy
- - add ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch to
  fix CAN-2004-1006

SHA1sums:
1c47b6cbffa953e201a9d46ed4f62b3784e4bd92  dhcp-2.0pl5-8.1.legacy.i386.rpm
2e8fce19ea58a7c1957d866afdbaa3656202e463  dhcp-2.0pl5-8.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBxeRYGHbTkzxSL7QRAmVyAKDB9B+Q/ZOIYcNEd/Tyt8lyC38J5QCdGLCX
9aHS0Eesr/nuJO4xqKNOx04=
=vlKa
-----END PGP SIGNATURE-----



------- Additional Comments From marcdeslauriers 2005-03-02 16:39:00 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on the new packages:

2e8fce19ea58a7c1957d866afdbaa3656202e463  dhcp-2.0pl5-8.1.legacy.src.rpm

- - Source files match previous release
- - Patch file matches upstream
- - Spec file changes are good

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCJni5LMAs/0C4zNoRAtF9AJoD/AmPU92tlGA1kAYk+Q/icKussQCgppjJ
tCrfK+J5xYYPX1qJBxltz8E=
=NaCG
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2005-03-05 04:55:56 ----

Packages were pushed to updates-testing



------- Bug moved to this database by dkl 2005-03-30 18:29 -------

This bug previously known as bug 2251 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2251
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
Comment 1 Pekka Savola 2005-06-29 08:58:09 UTC 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Quick test on RHL73.  After the upgrade,
DHCP client still seems to work as normal. +VERIFY RHL73
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCwmKKGHbTkzxSL7QRAh0BAKCvMCeniTkmLD0W2miGEkpECDwoxQCgj39P
npXfDM+v8ReqQtGqULQG6YY=
=F6JQ
-----END PGP SIGNATURE-----
Comment 2 Marc Deslauriers 2005-07-10 21:29:41 UTC 
Packages were officially released.
Note You need to log in before you can comment on or make changes to this bug.