| [Home] [Credit Search] [Category Browser] [Staff Roll Call] | The LINUX.COM Article Archive |
| Originally Published: Sunday, 2 July 2000 | Author: Derrick H. Lewis |
| Published to: news_enhance_security/Security News | Page: 1/1 - [Std View] |
Linux-Mandrake Security Update- dhcp
The OpenBSD team discovered a vulnerability in it that allows for
remote exploitation by a corrupt dhcp server, (or an attacker
pretending to be a dhcp server).
|
|
Linux-Mandrake Security Update
-------------------------------------
Date: July, 2nd 2000
Package name: dhcp
Affected versions: 6.0 6.1 7.0 7.1
Problem: The OpenBSD team discovered a vulnerability in it that allows for remote exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp server). If this vulnerability is exploited, root access can be gained on the host running dhcp client remotely. The problem is that input is not checked and, as a result, it is possible to execute commands remotely when the network config files are being written on the dhcp client.
Please upgrade to: 6.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm 6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm src: 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm 6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm 6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm 6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm src: 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm 6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm 6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
To upgrade automatically, use « MandrakeUpdate ». If you want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Uvh package_name". All mirrors are listed on http://www.mandrake.com/en/ftp.php3 Updated packages are available in the "updates/" directory.
For example, if you are looking for an updated RPM package for Mandrake 7.1, look for it in: updates/7.1/RPMS/