Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Thu Nov 4 2010 Jiri Popelka <jpopelka at redhat.com> -
12:4.1.1-27.P1

- Fix for CVE-2010-3611 (#649880)

- Wed Oct 13 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-26.P1

- Server was ignoring client's Solicit (where client
included address/prefix as a preference) (#634842)

- Tue Sep 7 2010 Jiri Popelka <jpopelka at redhat.com> -
12:4.1.1-25.P1

- Hardening dhcpd/dhcrelay/dhclient by making them PIE &
RELRO

- Fri Aug 20 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-24.P1

- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay

- Tue Jun 29 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-23.P1

- Fix parsing of date (#514828)

- Thu Jun 3 2010 Jiri Popelka <jpopelka at redhat.com> -
12:4.1.1-22.P1

- 4.1.1-P1 (pair of bug fixes including one for a
security related bug).

- Fix for CVE-2010-2156 (#601405)

- Compile with -fno-strict-aliasing

- N-V-R (copied from bind.spec):
Name-Version-Release.Patch.dist

- Mon May 3 2010 Jiri Popelka <jpopelka at redhat.com> -
12:4.1.1-21

- Fix the initialization-delay.patch (#587070)

- Thu Apr 29 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-20

- Cut down the 0-4 second delay before sending first
DHCPDISCOVER (#587070)

- Wed Apr 28 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-19

- Move /etc/NetworkManager/dispatcher.d/10-dhclient
script from dhcp to dhclient subpackage (#586999).

- Wed Apr 28 2010 Jiri Popelka <jpopelka at redhat.com> -
12:4.1.1-18

- Add domain-search to the list of default requested
DHCP options (#586906)

- Wed Apr 21 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-17

- If the Reply was received in response to Renew or
Rebind message, client adds any new addresses in the
IA option to the IA (#578097)

- Mon Apr 19 2010 Jiri Popelka <jpopelka at redhat.com> -
12:4.1.1-16

- Fill in Elapsed Time Option in Release/Decline
messages (#582939)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=649877
http://www.nessus.org/u?05939a43

Solution :

Update the affected dhcp package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 50682 ()

Bugtraq ID: 44615

CVE ID: CVE-2010-3611

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now