Document Audience: PUBLIC
Document ID: 243806
Title: Security Vulnerabilities in DHCP Handling of DHCP Requests May
Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the
DHCP Service
Copyright Notice: Copyright © 2008 Sun Microsystems, Inc. All Rights
Reserved
Update Date: Fri Nov 07 00:00:00 MST 2008
Solution Type: Sun Alert
Solution 243806 : Security Vulnerabilities in DHCP Handling of DHCP
Requests May Allow Remote Users to Execute Arbitrary Code or Cause a
Denial of the DHCP Service
Related Categories
Home>Content>Sun Alert Criteria Categories>Security
Home>Content>Sun Alert Release Phase>Resolved
Bug ID
6619398, 6713805
Product
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris
Date of Resolved Release
07-Nov-2008
SA Document Body
Security Vulnerabilities in DHCP Handling of DHCP Requests May Allow
Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP
Service
1. Impact
Security vulnerabilities in the DHCP (in.dhcpd(1M)) server handling of
DHCP requests may allow a remote unprivileged user to kill the DHCP
server daemon (Denial of Service) or to execute arbitrary code as the
root user.
One of the issues described here is also referenced in the following
document:
CVE-2007-5365 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5365
2. Contributing Factors
These issues can occur in the following releases:
SPARC Platform
Solaris 8 without patch 109077-21
Solaris 9 without patch 112837-16
Solaris 10 without patch 138876-01
OpenSolaris based upon builds snv_01 through snv_102
x86 Platform
Solaris 8 without patch 109078-21
Solaris 9 without patch 114265-15
Solaris 10 without patch 138877-01
OpenSolaris based upon builds snv_01 through snv_102
Notes:
1. Only OpenSolaris installations which include the affected binary /
usr/lib/inet/in.dhcpd and have the DHCP server configured and running
are impacted by this issue.
2. OpenSolaris distributions may include additional bug fixes above
and beyond the build from which it was derived. The base build can be
derived as follows:
$ uname -v
snv_86
3. Only systems which are configured as a DHCP server are impacted by
this issue. To determine if a system is configured as a DHCP server,
the following command can be run.
$ svcs svc:/network/dhcp-server:default
STATE STIME FMRI
online Sep_09 svc:/network/dhcp-server:default
If the output shows the state is online, then the system is configured
as a DHCP server.
3. Symptoms
The security vulnerability which allows arbitrary code executio, has
no reliable symptoms that would indicate the issue has been exploited.
The security vulnerability which allows a denial of of teh DHCP
service will result in the DHCP server daemon exiting with an
"Assertion failed" error message.
4. Workaround
There are no workarounds for these issues. Please see the Resolution
section below.
5. Resolution
These issues are addressed in the following releases:
SPARC Platform
Solaris 8 with patch 109077-21 or later
Solaris 9 with patch 112837-16 or later
Solaris 10 with patch 138876-01 or later
OpenSolaris based upon builds snv_103 or later
x86 Platform
Solaris 8 with patch 109078-21 or later
Solaris 9 with patch 114265-15 or later
Solaris 10 with patch 138877-01 or later
OpenSolaris based upon builds snv_103 or later
For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Attachments
This solution has no attachment
original link:
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-243806-1
greetings,
Stoyan Angelov
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
