Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability in how ISC's DHCPD handles syslog messages can allow a
malicious attacker with the ability to send special packets to the
DHCPD listening port to crash the daemon, causing a Denial of Service.
It is also possible that they may be able to execute arbitrary code on
the vulnerable server with the permissions of the user running DHCPD,
which is usually root.

A similar vulnerability also exists in the way ISC's DHCPD makes use
of the vsnprintf() function on system that do not support vsnprintf().
This vulnerability could also be used to execute arbitrary code and/or
perform a DoS attack. The vsnprintf() statements that have this
problem are defined after the vulnerable code noted above, which would
trigger the previous problem rather than this one.

Thanks to Gregory Duchemin and Solar Designer for discovering these
flaws.

The updated packages contain 3.0.1rc14 which is not vulnerable to
these problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable
to these issues.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14160 (mandrake_MDKSA-2004-061.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0460
CVE-2004-0461

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now