[USN-531-1] dhcp vulnerability

Kees Cook kees at ubuntu.com
Mon Oct 22 18:24:30 UTC 2007


=========================================================== 
Ubuntu Security Notice USN-531-1           October 22, 2007
dhcp vulnerability
CVE-2007-5365
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  dhcp                            2.0pl5-19.4ubuntu0.1

Ubuntu 6.10:
  dhcp                            2.0pl5-19.4ubuntu1.1

Ubuntu 7.04:
  dhcp                            2.0pl5-19.5ubuntu2.1

Ubuntu 7.10:
  dhcp                            2.0pl5dfsg1-20ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not
correctly handle certain client options.  A remote attacker could send
malicious DHCP replies to the server and execute arbitrary code.


