drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in DHCP (Aktualisierung)
Name: |
Ausführen beliebiger Kommandos in DHCP (Aktualisierung) |
|
ID: |
USN-1108-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10 |
|
Datum: |
Di, 19. April 2011, 22:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997 |
|
Applikationen: |
ISC DHCP |
|
Update von: |
Ausführen beliebiger Kommandos in DHCP |
|
Originalnachricht |
--===============8934525352584935430== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-Z7MTs/BC3N0bRbriJhp3"
--=-Z7MTs/BC3N0bRbriJhp3 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1108-2 April 19, 2011
dhcp3 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 9.10
Summary:
An attacker's DHCP server could send crafted responses to your computer and cause it to run programs as root.
Software Description: - dhcp3: DHCP Client
Details:
USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem.
Original advisory details:
Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: dhcp3-client 3.1.3-2ubuntu6.2
Ubuntu 10.04 LTS: dhcp3-client 3.1.3-2ubuntu3.2
Ubuntu 9.10: dhcp3-client 3.1.2-1ubuntu7.3
In general, a standard system update will make all the necessary changes.
References: CVE-2011-0997
Package Information: https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu6.2 https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu3.2 https://launchpad.net/ubuntu/+source/dhcp3/3.1.2-1ubuntu7.3
--Ó7MTs/BC3N0bRbriJhp3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJNrdknAAoJEGVp2FWnRL6T3jcP/ix5xD5PyBjVeyQJyVWOcYFH xUC2GFg97TUVciB3wN2kAkhYmEbM1Nen2jb8wZJcyHHt3qudls8pqZgmLZi+7WWe jVrLwWiZRqoYPCYEMIZeJD4laOUB6+YALE4c0T2iDoMcYTnRABUPHP2HY2b/FH8H hRRFeqIi+h6cDa3c9YwAaA623v2VhnJqafjWHginvyGy6A6mCdBactIqrJqSfbFk cICeC9UJWiiGs1PGZkfhSWXQ/4HMl8rmidmBTL/Vk0Ki51e+J2QAam2UP7dbLd9I ZD+USKJB5UJMlzbc55QKj3YbwXSX+Dkr2gvTsOBebbsQeTcJBeeqleOwkkwj8TxV v0gQRwCbX8Nvwt4SvyQfbwyBQ1QzNoWk2BRL1LxSkw6F1/FrhGwycetz+g2Wlfhh NLiYA55Q8fS/gAnNAKSw22M+Vc47+Wt0F+7CQXNaQr9os6vvi6JonvlGT5WtS3wr fRcG8gYNUS1TLNqr6wP+UwKRZO+zH1n5VhRmLzp1FS9t5XrfuKek9LvTLjk2JF/A OP+735u/ixJxX+NCNXZBlWBgdjVyGzrXHrnsyPcCpC+Jw/0M+9b5OY/+JpglANi5 Qgr1eClnlSu0fGFSJz4nHMvk9IhTD3ka87dJQZIzg+aFXWMW1JjWZcKDavCAsfPG rVvJQ7E3PAk3wsj3DJHw =ykZ2 -----END PGP SIGNATURE-----
--=-Z7MTs/BC3N0bRbriJhp3--
--===============8934525352584935430== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8934525352584935430==--
|
|
|
|