Your message dated Mon, 29 Oct 2007 22:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446354: fixed in dhcp 2.0pl5dfsg1-20.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dhcp
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against dhcp.
CVE-2007-5365:
Stack-based buffer overflow in the cons_options function in options.c in
dhcpd in OpenBSD 4.0 through 4.2 allows remote attackers to execute
arbitrary code or cause a denial of service (daemon crash) via a DHCP
request specifying a maximum message size smaller than the minimum IP
MTU.
A patch is attached below. Please tell me, if you want to take care of
it or if i should upload.
Cheers
Steffen
[0]: http://ve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5365
diff -u dhcp-2.0pl5dfsg1/debian/changelog dhcp-2.0pl5dfsg1/debian/changelog
--- dhcp-2.0pl5dfsg1/debian/changelog
+++ dhcp-2.0pl5dfsg1/debian/changelog
@@ -1,3 +1,12 @@
+dhcp (2.0pl5dfsg1-20.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing-security team
+ * Fix stack-based buffer overflow in options.c, which allows arbitrary
+ code execution or cause of a DoS through remote attackers
+ Fixes: CVE-2007-5365
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Fri, 12 Oct 2007 12:33:17 +0000
+
dhcp (2.0pl5dfsg1-20) unstable; urgency=medium
* Taking over unmaintained package.
only in patch2:
unchanged:
--- dhcp-2.0pl5dfsg1.orig/debian/patches/305_CVE-2007-5365.patch
+++ dhcp-2.0pl5dfsg1/debian/patches/305_CVE-2007-5365.patch
@@ -0,0 +1,16 @@
+--- options.c.orig 2007-10-12 12:22:41.000000000 +0000
++++ dhcp-2.0pl5dfsg1/common/options.c 2007-10-12 12:23:42.000000000 +0000
+@@ -188,9 +188,12 @@
+ inpacket &&
+ inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].data &&
+ (inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].len >=
+- sizeof (u_int16_t)))
++ sizeof (u_int16_t))){
+ mms = getUShort (inpacket -> options
+ [DHO_DHCP_MAX_MESSAGE_SIZE].data);
++ if (mms < 576)
++ mms = 576; /* mms must be >= minimum IP
MTU */
++ }
+
+ /* If the client has provided a maximum DHCP message size,
+ use that; otherwise, if it's BOOTP, only 64 bytes; otherwise
--- End Message ---
--- Begin Message ---
Source: dhcp
Source-Version: 2.0pl5dfsg1-20.2
We believe that the bug you reported is fixed in the latest version of
dhcp, which is due to be installed in the Debian FTP archive:
dhcp-client-udeb_2.0pl5dfsg1-20.2_i386.udeb
to pool/main/d/dhcp/dhcp-client-udeb_2.0pl5dfsg1-20.2_i386.udeb
dhcp-client_2.0pl5dfsg1-20.2_i386.deb
to pool/main/d/dhcp/dhcp-client_2.0pl5dfsg1-20.2_i386.deb
dhcp-relay_2.0pl5dfsg1-20.2_i386.deb
to pool/main/d/dhcp/dhcp-relay_2.0pl5dfsg1-20.2_i386.deb
dhcp_2.0pl5dfsg1-20.2.diff.gz
to pool/main/d/dhcp/dhcp_2.0pl5dfsg1-20.2.diff.gz
dhcp_2.0pl5dfsg1-20.2.dsc
to pool/main/d/dhcp/dhcp_2.0pl5dfsg1-20.2.dsc
dhcp_2.0pl5dfsg1-20.2_i386.deb
to pool/main/d/dhcp/dhcp_2.0pl5dfsg1-20.2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated dhcp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 29 Oct 2007 22:40:21 +0100
Source: dhcp
Binary: dhcp dhcp-client dhcp-client-udeb dhcp-relay
Architecture: source i386
Version: 2.0pl5dfsg1-20.2
Distribution: unstable
Urgency: high
Maintainer: Andreas Barth <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
dhcp - DHCP server for automatic IP address assignment
dhcp-client - DHCP Client
dhcp-client-udeb - DHCP Client for debian-installer (udeb)
dhcp-relay - DHCP Relay
Closes: 446354
Changes:
dhcp (2.0pl5dfsg1-20.2) unstable; urgency=high
.
* Non-maintainer upload by testing-security team.
* Updated 305_CVE-2007-5365.patch to fix incomplete
upstream patch for CVE-2007-5365 (Closes: #446354).
Files:
e0ac8b9214247ed5d788f1acdc5f28ea 645 net optional dhcp_2.0pl5dfsg1-20.2.dsc
551bf1a80a3cc86e73b85458f731fd0f 58279 net optional
dhcp_2.0pl5dfsg1-20.2.diff.gz
58d5d91aa6310c034b31f653fad168b5 110374 net optional
dhcp_2.0pl5dfsg1-20.2_i386.deb
df243d5d1aa2e68c3d83593d021f47c1 103004 net extra
dhcp-client_2.0pl5dfsg1-20.2_i386.deb
0424e791315327491754385e94ce7727 72022 net extra
dhcp-relay_2.0pl5dfsg1-20.2_i386.deb
f83b550b9c0b9cc11f98c3552c474907 40412 debian-installer extra
dhcp-client-udeb_2.0pl5dfsg1-20.2_i386.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHJldSHYflSXNkfP8RAhFsAJ9oEToGldwXNo/WNSY5zRLynDpQewCgoKBi
EtN194gqxKQrscQJHlbqEO8=
=KGEW
-----END PGP SIGNATURE-----
--- End Message ---
