Ubuntu 9.10 / 10.04 LTS / 10.10 : dhcp3 vulnerability (USN-1108-2)

Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch
to fix the vulnerability was not properly applied on Ubuntu 9.10 and
higher. This update fixes the problem.

Sebastian Krahmer discovered that the dhclient utility incorrectly
filtered crafted responses. An attacker could use this flaw with a
malicious DHCP server to execute arbitrary code, resulting in root
privilege escalation.

Solution :

Update the affected dhcp3-client package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 55067 ()

Bugtraq ID: 47176

CVE ID: CVE-2011-0997