
[debian-users:23011] [SECURITY] New version of dhcp released (from debian-security-announce@lists.debian.org)



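As the article quoted below describes, a security hole that allows root
privileges to be obtained remotely has been found in dhcp-client-beta in
Debian 2.1 (slink) and dhcp-client in Debian 2.2 (potato), and fixed
versions have been released.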

Once again there is no Japanese translation. The original text of the
quoted article can be read at
http://www.jp.debian.org/Lists-Archives/debian-security-announce-00/msg00012.html


At Wed, 28 Jun 2000 18:18:15 +0200,
Wichert Akkerman wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory                             security@debian.org
> http://www.debian.org/security/                            Michael Stone
> June 27, 2000
> -------------------------------------------------------------------------

> Package: dhcp-client-beta (dhcp-client)
> Vulnerability type: remote root exploit
> Debian-specific: no

> The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2
> (potato) are vulnerable to a root exploit. The OpenBSD team reports that the
> client inappropriately executes commands embedded in replies sent from a dhcp
> server. This means that a malicious dhcp server can execute commands on the
> client with root privileges.

> The reported vulnerability is fixed in the package dhcp-client-beta
> 2.0b1pl6-0.3 for the current stable release (debian 2.1) and in dhcp-client
> 2.0-3potato1 for the frozen pre-release (debian 2.2). The dhcp server and relay
> agents are built from the same source as the client; however, the server and
> relay agents are not vulnerable to this issue and do not need to be upgraded.
> We recommend upgrading your dhcp-client-beta and dhcp-client immediately.
(remainder omitted)
-- 
喜瀬“冬猫”浩@南国沖縄