Bugtraq mailing list archives
DHCP 1.0 and 2.0 SECURITY ALERT! (fwd)
From: chris () ferret lmh ox ac uk (Chris Evans)
Date: Mon, 18 May 1998 15:12:50 +0100
Hi,

I found some nasty security problems with dhcpd. They appear to have been addressed in an official release + patch, so it's time to let the world know...

It's probably mentioned in the following forwarded announcement, but if using dhcpd, you really should consider this a mandatory upgrade... :)

Thanks to Alan Cox for co-ordinating things once the problem was discovered.

Chris

------- Blind-Carbon-Copy

To: dhcp-announce () fugue com
Subject: DHCP 1.0 and 2.0 SECURITY ALERT!
Date: Sun, 17 May 1998 23:45:15 -0700
From: Ted Lemon <mellon () andare fugue com>

There are two bugs in all previous releases of the Internet Software Consortium DHCP Distribution which can be exploited to crash the DHCP server, or possibly worse. I have prepared new distributions of version 1.0 and 2.0 of the DHCP Distribution which correct these problems.

Patches for and new distributions of version 1.0 and version 2.0 are available at:

ftp://ftp.isc.org/isc/dhcp/dhcp-1.0.0-1.0pl1.diff.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-2.0b1pl0-2.0b1pl1.diff.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-1.0pl1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-2.0b1pl1.tar.gz

This is not the long-awaited first snapshot of 3.0, but there are some additional bug fixes in these releases. Please upgrade at your earliest convenience. Also, please accept my humble apology for making one of the oldest, stupidest security mistakes in the book. Sigh.

BTW, thanks to Chris Evans and Alan Cox of the Linux development team for finding these bugs.

_MelloN_

------- End of Blind-Carbon-Copy