Originally Published: Sunday, 2 July 2000 Author: Derrick H. Lewis
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Linux-Mandrake Security Update- dhcp

The OpenBSD team discovered a vulnerability in it that allows for remote exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp server).

   Page 1 of 1  

-------------------------------------

Linux-Mandrake Security Update

-------------------------------------

Date: July, 2nd 2000

Package name: dhcp

Affected versions: 6.0 6.1 7.0 7.1

Problem: The OpenBSD team discovered a vulnerability in it that allows for remote exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp server). If this vulnerability is exploited, root access can be gained on the host running dhcp client remotely. The problem is that input is not checked and, as a result, it is possible to execute commands remotely when the network config files are being written on the dhcp client.

Please upgrade to: 6.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm 6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm src: 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm 6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm 6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm 6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm src: 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm 6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm 6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

To upgrade automatically, use MandrakeUpdate . If you want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Uvh package_name". All mirrors are listed on http://www.mandrake.com/en/ftp.php3 Updated packages are available in the "updates/" directory.

For example, if you are looking for an updated RPM package for Mandrake 7.1, look for it in: updates/7.1/RPMS/





   Page 1 of 1