Scientific Linux Security Update : dhcp on SL6.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A flaw was found in the way the dhcpd daemon handled the expiration
time of IPv6 leases. If dhcpd's configuration was changed to reduce
the default IPv6 lease time, lease renewal requests for previously
assigned leases could cause dhcpd to crash. (CVE-2012-3955)

This update also fixes the following bugs :

- Prior to this update, the DHCP server discovered only
the first IP address of a network interface if the
network interface had more than one configured IP
address. As a consequence, the DHCP server failed to
restart if the server was configured to serve only a
subnet of the following IP addresses. This update
modifies network interface addresses discovery code to
find all addresses of a network interface. The DHCP
server can also serve subnets of other addresses.

- Prior to this update, the dhclient rewrote the
/etc/resolv.conf file with backup data after it was
stopped even when the PEERDNS flag was set to 'no'
before shut down if the configuration file was changed
while the dhclient ran with PEERDNS=yes. This update
removes the backing up and restoring functions for this
configuration file from the dhclient-script. Now, the
dhclient no longer rewrites the /etc/resolv.conf file
when stopped.

After installing this update, all DHCP servers will be restarted
automatically.

See also :

http://www.nessus.org/u?d1385294

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 64949 ()

Bugtraq ID:

CVE ID: CVE-2012-3955