Description: The remote host is missing updates announced in advisory RHSA-2009:1154.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.
The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692)
An insecure temporary file use flaw was discovered in the DHCP daemon's init script (/etc/init.d/dhcpd). A local attacker could use this flaw to overwrite an arbitrary file with the output of the dhcpd -t command via a symbolic link attack, if a system administrator executed the DHCP init script with the configtest, restart, or reload option. (CVE-2009-1893)
Users of DHCP should upgrade to these updated packages, which contain backported patches to correct these issues.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2009-1154.html
http://www.redhat.com/security/updates/classification/#critical
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C