RHEL 2.1 : pxe (RHSA-2002:165)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated PXE packages are now available for Red Hat Linux Advanced
Server which fix a vulnerability that can crash the PXE server using
certain DHCP packets.

The PXE package contains the PXE (Preboot eXecution Environment)
server and code needed for Linux to boot from a boot disk image on a
Linux PXE server.

It was found that the PXE server could be crashed using DHCP packets
from some Voice Over IP (VOIP) phones. This bug could be used to cause
a denial of service (DoS) attack on remote systems by using malicious

Users of PXE on Red Hat Linux Advanced Server are advised to upgrade
to the new release which contains a version of PXE that is not
vulnerable to this issue.

See also :


Solution :

Update the affected pxe package.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12317 ()

Bugtraq ID:

CVE ID: CVE-2002-0835