Debian DSA-1388-3 : dhcp - buffer overflow
Critical Nessus Plugin ID 27515
Synopsis
The remote Debian host is missing a security-related update.
Description
The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem.
This update to the previous advisory makes available updated packages based on a newer version of the patch.
For completeness, the original advisory follows:
It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn't correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code on the DHCP server.
Solution
Upgrade the dhcp packages.
For the stable distribution (etch), this problem has been fixed in version 2.0pl5-19.5etch2.
Updates to the old stable version (sarge) are pending.