|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Possible root exploit in ISC DHCP client.
From: Ted Lemon (mellon
NOMINUM.COM)Date: Sat Jun 24 2000 - 04:28:58 CDT
- Next message: Michal Zalewski: "Re: Netscape FTP Server - "Professional" as hell :>"
- Previous message: Mitchell Blank Jr: "Re: [Stan Bubrouski <satanFASTDIAL.NET>: Re: rh 6.2 - gidcompromises, etc [+ MORE!!!]]"
- Next in thread: Security: "Re: Possible root exploit in ISC DHCP client."
- Reply: Security: "Re: Possible root exploit in ISC DHCP client."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Somebody at OpenBSD discovered a possible root exploit in the ISC DHCP
client. This exploit is present in all versions of the ISC DHCP
client prior to 2.0pl1 and 3.0b1pl14, which I just released this
evening. Anybody who is using versions of the ISC DHCP client other
than these is strongly urged to upgrade. I would appreciate it if the
OpenBSD people would take a look at the new version to see if they
believe it is a complete fix, and let me know if it isn't. In any
case, thanks for catching the error! I'm sorry I'm being so vague
about how this got found, but I don't have time to read bugtraq
anymore, so I was notified roughly fourth-hand.
The ISC DHCP distribution is available at ftp://ftp.isc.org/isc/DHCP,
and anonymous CVS at http://www.isc.org/products/DHCP/anoncvs.html.
The head of the tree in anonymous CVS also contains the fix.
_MelloN_
- Next message: Michal Zalewski: "Re: Netscape FTP Server - "Professional" as hell :>"
- Previous message: Mitchell Blank Jr: "Re: [Stan Bubrouski <satanFASTDIAL.NET>: Re: rh 6.2 - gidcompromises, etc [+ MORE!!!]]"
- Next in thread: Security: "Re: Possible root exploit in ISC DHCP client."
- Reply: Security: "Re: Possible root exploit in ISC DHCP client."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]