
[debian-users:35955] [Translate] [SECURITY] [DSA 231-1] New dhcp3 packages fix arbitrary code execution



This is Kaneko.
Please check the original article for URLs and the like.

------>8------------>8------------>8------------>8------------>8
- --------------------------------------------------------------------------
Debian Security Advisory DSA 231-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 17th, 2003                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : dhcp3
Vulnerability  : stack overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0026
CERT advisory  : VU#284857 CA-2003-01

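An audit of the ISC DHCP daemon by the Internet Software Consortium
discovered several vulnerabilities.  The vulnerabilities are in the error
handling routines of the minires library and may be exploitable as stack
overflows.  This could allow a remote attacker to execute arbitrary
commands with the privileges dhcpd runs under, usually root.  DHCP servers
other than dhcp3 do not appear to have this problem.

For the current stable distribution (woody) this has been fixed in
version 3.0+3.0.1rc9-2.1.

The old stable distribution (potato) does not include dhcp3, so it is not
affected by this problem.

For the unstable distribution (sid) this has been fixed in version
3.0+3.0.1rc11-1.

We recommend that you upgrade your dhcp3-server package immediately.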

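Installation instructions
-------------------------

wget url
        will fetch the file for you.
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the sources.list line
given below and run the following commands.

apt-get update
        will update the internal database.
apt-get upgrade
        will install the corrected packages.

You can also perform automatic updates by adding the settings given in the
footer of this mail to your host's configuration.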


Debian GNU/Linux 3.0 alias woody
- ------------------------------------


  These files will be moved into the stable distribution at its next release.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8
-- 
Seiji Kaneko                              skaneko@xxxxxxxxxxxx
--------------------------- http://plaza25.mbn.or.jp/~efialtes
Fingerprint = 55A4 898A C765 F20A 1693  7882 579A 3339 D6ED 97E8