-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.27: Buffer overflows in dhcpd.

Topic: Buffer overflows in dhcpd.
Advisory issue date: August 7 1998

I. Problem Description

It is possible to exploit buffer overflows in the Dynamic Host Configuration Protocol Daemon (dhcpd).

II. Impact

Description:

Vulnerable Systems: OpenLinux 1.0, 1.1, & 1.2 systems using the dhcpd-5.16-1 package.

Note: The version numbering of dhcpd has changed!

III. Solution

Workaround: Remove the dhcpd package.

Correction: The proper solution is to switch to the dhcpd-1.0pl2-1 packages.

They can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/011/RPMS

The corresponding source code can be found at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/011/SRPMS

The MD5 checksums (from the "md5sum" command) for these packages are:

    9169baa1949cfe81c256a66f79d27c66  RPMS/dhcpd-1.0pl2-1.i386.rpm
    2c99c4359f6c73268c70a33e94bcee74  SRPMS/dhcpd-1.0pl2-1.src.rpm

Upgrade with the following commands:

    rpm -q bootp && rpm -e bootp
    rpm -q dhcpd && rpm -U --oldpackage RPMS/dhcpd-1.0pl2-1.i386.rpm

Note that the --oldpackage option is only used to overcome the version numbering problem. The dhcpd package conflicts with the bootp package, because dhcpd also provides the BOOTP service.

IV. References

This and other Caldera security resources are located at:

    http://www.caldera.com/news/security/index.html

Additional documentation on this problem can be found in the vendor-sec mailing list:

    Email message ID

This security fix closes Caldera's internal Problem Report 4009.

V. PGP Signature

This message was signed with the PGP key for security@caldera.com.
This key can be obtained from:

    ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:

    /OpenLinux/pgp-keys/

$Id: SA-1998.27.txt,v 1.3 1998/08/07 14:12:20 rf Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNcsLROn+9R4958LpAQHLNQQAtkgWiUv8XNlhvBB3AUcAzP276AVOKyMD
IH5LRZ8Bql6AhtOTbayoIHsKYqSnYgLfVp9rigtTGTHq71WCHDbmX0cDh/QiY0um
1rO2pzA5Q90JjFadUwPN/t6TQak/3ddIRTh+1tRP1Smbd080PbAgIXfOJ4v8ZXDF
WH9OLpUD8rE=
=PInh
-----END PGP SIGNATURE-----
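
The following is an added example, not part of Caldera's advisory: a shell function that checks downloaded packages against the MD5 list from section III so the rpm upgrade commands only run on matching files. The function name verify_md5_manifest and the variable ADVISORY_MD5 are assumptions made for this example; the checksums and paths are the ones printed in the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): gate the upgrade on the
# advisory's MD5 list. Function and variable names are hypothetical.

# The two checksum lines as printed in section III of the advisory.
ADVISORY_MD5='9169baa1949cfe81c256a66f79d27c66  RPMS/dhcpd-1.0pl2-1.i386.rpm
2c99c4359f6c73268c70a33e94bcee74  SRPMS/dhcpd-1.0pl2-1.src.rpm'

# verify_md5_manifest MANIFEST BASEDIR
# MANIFEST holds "<md5> <relative path>" lines. Returns 0 only if every
# listed file exists under BASEDIR and its MD5 matches; prints one
# status line per file so a missing or altered package is visible.
verify_md5_manifest() {
    manifest=$1
    basedir=$2
    status=0
    while read -r want path; do
        [ -n "$want" ] || continue            # skip blank lines
        file="$basedir/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            status=1
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $got)"
            status=1
        fi
    done <<EOF
$manifest
EOF
    return $status
}

# Usage, from the directory that holds RPMS/ and SRPMS/:
#   verify_md5_manifest "$ADVISORY_MD5" . \
#     && rpm -q dhcpd && rpm -U --oldpackage RPMS/dhcpd-1.0pl2-1.i386.rpm
```

The checksum list sits inside the PGP-signed text, so verifying the advisory's signature first is what makes the comparison meaningful.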