-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

            Caldera International, Inc.  Security Advisory

Subject:            Linux: dhcpd dynamic DNS format string vulnerability
Advisory number:    CSSA-2002-028.0
Issue date:         2002 June 19
Cross reference:
______________________________________________________________________________


1. Problem Description

    A remotely exploitable format string vulnerability was found in the
    logging routines of the dynamic DNS code of dhcpd. This vulnerability
    can allow an attacker to get root access to the host running dhcpd.


2. Vulnerable Supported Versions

    System                         Package
    ----------------------------------------------------------------------

    OpenLinux 3.1.1 Server         prior to dhcp-3.0b2pl9-11.i386.rpm
                                   prior to dhcp-server-3.0b2pl9-11.i386.rpm

    OpenLinux 3.1.1 Workstation    prior to dhcp-3.0b2pl9-11.i386.rpm

    OpenLinux 3.1 Server           prior to dhcp-3.0b2pl9-11.i386.rpm
                                   prior to dhcp-server-3.0b2pl9-11.i386.rpm

    OpenLinux 3.1 Workstation      prior to dhcp-3.0b2pl9-11.i386.rpm


3. Solution

    The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

    4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

    4.2 Packages

        09faf40bb1b20919080b3a3ed36d8081  dhcp-3.0b2pl9-11.i386.rpm
        55c93437d6573cb8132a16ccd2c6c69e  dhcp-server-3.0b2pl9-11.i386.rpm

    4.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm
        rpm -Fvh dhcp-server-3.0b2pl9-11.i386.rpm

    4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

    4.5 Source Packages

        d767e875975fcc76c912f9e41e4d83cf  dhcp-3.0b2pl9-11.src.rpm


5. OpenLinux 3.1.1 Workstation

    5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

    5.2 Packages

        b28af5a9d9aff4f79b683a3187d09545  dhcp-3.0b2pl9-11.i386.rpm

    5.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm

    5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

    5.5 Source Packages

        9a2f6bf27b28c5033353caceb1540979  dhcp-3.0b2pl9-11.src.rpm


6. OpenLinux 3.1 Server

    6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

    6.2 Packages

        732ba73b4108dd30d5bd3704ad8e47be  dhcp-3.0b2pl9-11.i386.rpm
        d2591a5b6021b2512603963e8f48c422  dhcp-server-3.0b2pl9-11.i386.rpm

    6.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm
        rpm -Fvh dhcp-server-3.0b2pl9-11.i386.rpm

    6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

    6.5 Source Packages

        d8fd6b2a37fc3315fef9c873cea1172e  dhcp-3.0b2pl9-11.src.rpm


7. OpenLinux 3.1 Workstation

    7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

    7.2 Packages

        d60a246831ce062e2b4228b2d6946c7b  dhcp-3.0b2pl9-11.i386.rpm

    7.3 Installation

        rpm -Fvh dhcp-3.0b2pl9-11.i386.rpm

    7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

    7.5 Source Packages

        7c1642355347a47278dbd1afd6d3d44f  dhcp-3.0b2pl9-11.src.rpm


8. References

    Specific references for this advisory:

        http://www.cert.org/advisories/CA-2002-12.html

    Caldera security resources:

        http://www.caldera.com/support/security/index.html

    This security fix closes Caldera incidents sr864837, fz521045,
    erg712050.


9. Disclaimer

    Caldera International, Inc. is not responsible for the misuse of
    any of the information we provide on this website and/or through
    our security advisories. Our advisories are a service to our
    customers intended to promote secure installation and use of
    Caldera products.


10. Acknowledgements

    This vulnerability was discovered and researched by Next Generation
    Security Technologies.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj0Q1o0ACgkQbluZssSXDTHXZQCfeXzCHjiBFcA73L18AAdkh5+T
vSQAnj7TozILl1Q+x4P9Xm1w/8fZWrZ/
=sM39
-----END PGP SIGNATURE-----
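
The checksum-then-install step from sections 4.2 and 4.3, as an added example that is not part of Caldera's advisory: it refuses to run `rpm -Fvh` unless every downloaded package matches the value the advisory lists for it. It assumes the 32-hex-digit values in the Packages sections are MD5 checksums; the function names and the download directory are hypothetical, and the manifest lines are copied from section 4.2.

```shell
#!/bin/sh
# Added example, not from the advisory. Manifest copied from section 4.2
# (OpenLinux 3.1.1 Server); use the Packages lines for your own platform.
# Assumption: the listed values are MD5 checksums in "sum  filename" order.
MANIFEST='09faf40bb1b20919080b3a3ed36d8081  dhcp-3.0b2pl9-11.i386.rpm
55c93437d6573cb8132a16ccd2c6c69e  dhcp-server-3.0b2pl9-11.i386.rpm'

# expected_md5 MANIFEST FILE
# Prints the checksum listed for FILE's basename; fails if it is not listed.
expected_md5() {
    printf '%s\n' "$1" |
        awk -v f="$(basename "$2")" '$2 == f { print $1; found = 1 }
                                     END { exit !found }'
}

# verify_pkg MANIFEST FILE
# Returns 0 on match, 1 on mismatch, 2 if FILE is not in the manifest,
# 3 if FILE cannot be read.
verify_pkg() {
    want=$(expected_md5 "$1" "$2") || {
        echo "not listed in advisory: $2" >&2; return 2; }
    [ -r "$2" ] || { echo "cannot read: $2" >&2; return 3; }
    got=$(md5sum "$2" | awk '{ print $1 }')
    [ "$got" = "$want" ] && return 0
    echo "MD5 mismatch for $2: got $got, advisory lists $want" >&2
    return 1
}

# install_verified MANIFEST DIR
# Verifies every listed package in DIR first, and only then freshens them,
# so a single bad download stops the whole update before rpm runs.
install_verified() {
    names=$(printf '%s\n' "$1" | awk '{ print $2 }')
    for name in $names; do
        verify_pkg "$1" "$2/$name" || return 1
    done
    for name in $names; do
        rpm -Fvh "$2/$name" || return 1
    done
}

# Usage (hypothetical download directory):
#   install_verified "$MANIFEST" /tmp/dhcp-update
```

The checksums are only as trustworthy as the copy of the advisory they were taken from, so check the advisory's PGP signature before relying on them.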