Bugtraq mailing list archives

Possible root exploit in ISC DHCP client.

From: mellon () NOMINUM COM (Ted Lemon)
Date: Sat, 24 Jun 2000 02:28:58 -0700


Somebody at OpenBSD discovered a possible root exploit in the ISC DHCP
client.  This exploit is present in all versions of the ISC DHCP
client prior to 2.0pl1 and 3.0b1pl14, which I just released this
evening.  Anybody who is using versions of the ISC DHCP client other
than these is strongly urged to upgrade.  I would appreciate it if the
OpenBSD people would take a look at the new version to see if they
believe it is a complete fix, and let me know if it isn't.  In any
case, thanks for catching the error!  I'm sorry I'm being so vague
about how this got found, but I don't have time to read bugtraq
anymore, so I was notified roughly fourth-hand.

The ISC DHCP distribution is available at ftp://ftp.isc.org/isc/DHCP,
and anonymous CVS at http://www.isc.org/products/DHCP/anoncvs.html.
The head of the tree in anonymous CVS also contains the fix.

                               _MelloN_

Current thread:

Re: [Stan Bubrouski <satan () FASTDIAL NET>: Re: rh 6.2 - gidcompromises, etc [+ MORE!!!]] Frank da Cruz (Jun 23)
- Possible root exploit in ISC DHCP client. Ted Lemon (Jun 24)
  - Re: Possible root exploit in ISC DHCP client. Security (Jun 28)
- Re: [Stan Bubrouski <satan () FASTDIAL NET>: Re: rh 6.2 - gidcompromises, etc [+ MORE!!!]] Mitchell Blank Jr (Jun 24)
- <Possible follow-ups>
- Re: [Stan Bubrouski <satan () FASTDIAL NET>: Re: rh 6.2 - gidcompromises, etc [+ MORE!!!]] Frank da Cruz (Jun 24)
  - Re: [Stan Bubrouski <satan () FASTDIAL NET>: Re: rh 6.2 - gidcompromises, etc [+ MORE!!!]] Stan Bubrouski (Jun 24)
  - Proxy+ Telnet Gateway Problems Andrew Lewis (Jun 26)
    - BOA Webserver local path problem Ian Shaughnessy (Jun 27)