[USN-531-1] dhcp vulnerability
Date: Mon, 22 Oct 2007 11:24:30 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-531-1] dhcp vulnerability
Message-ID: <20071022182429.GC7963@outflux.net.>
Organization: Ubuntu
===========================================================
Ubuntu Security Notice USN-531-1 October 22, 2007
dhcp vulnerability
CVE-2007-5365
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
dhcp 2.0pl5-19.4ubuntu0.1
Ubuntu 6.10:
dhcp 2.0pl5-19.4ubuntu1.1
Ubuntu 7.04:
dhcp 2.0pl5-19.5ubuntu2.1
Ubuntu 7.10:
dhcp 2.0pl5dfsg1-20ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not
correctly handle certain client options. A remote attacker could send
malicious DHCP replies to the server and execute arbitrary code.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10:
Updated packages for Ubuntu 7.04:
Updated packages for Ubuntu 7.10: