ISC DHCPD dhcrelay外部网络数据包漏洞

漏洞信息详情

ISC DHCPD dhcrelay外部网络数据包漏洞

• CNNVD编号：CNNVD-200302-016
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-0039
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2003-02-07
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  isc
• 漏洞来源：
  This vulnerability…

ISC dhcrelay (dhcp-relay) 3.0rc9及其之前版本，以及可能其他版本存在漏洞。远程攻击者可以借助被转发到广播MAC地址的特定BOOTP数据包导致服务拒绝，该漏洞导致不能被跳计数限制的无限循环。

Conectiva Linux has released an advisory (CLA-2003:616). Information about applying fixes is available in the referenced advisory. Fixes are available below.
Debian has made fixes available. See referenced advisory DSA 245-1 for additional details.
OpenPKG has released a security advisory (OpenPKG-SA-2003.012) which contains fix information. OpenPKG users are advised to upgrade their dhcpd packages as soon as possible.
Conectiva has also released an advisory (CLSA-2003:791) including a fix to address this issue in CLEE 1.0.
Fixes:
ISC DHCPD 3.0 pl1

• Red Hat dhclient-3.0pl1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/dhclient-3.0pl1-26.i386.rpm
• Red Hat dhcp-3.0pl1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/dhcp-3.0pl1-26.i386.rpm
• Red Hat dhcp-devel-3.0pl1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/dhcp-devel-3.0pl1-26.i386.rpm

ISC DHCPD 3.0.1 rc11

• Conectiva dhcp-3.0-3U80_3cl.i386.rpmConectiva Linux 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/dhcp-3.0-3U80_3cl.i386.rpm
• Conectiva dhcp-3.0-3U80_3cl.src.rpmConectiva Linux 8.0
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/dhcp-3.0-3U80_3cl.src.rpm
• Conectiva dhcp-doc-3.0-3U80_3cl.i386.rpmConectiva Linux 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/dhcp-doc-3.0-3U80_3cl.i386.
  rpm
• OpenPKG dhcpd-3.0.1rc11-1.2.1.src.rpm
  ftp://ftp.openpkg.org/release/1.2/UPD/dhcpd-3.0.1rc11-1.2.1.src.rpm

ISC DHCPD 3.0.1 rc9

• Conectiva dhcp-server-3.0.1rc9-109.i586.rpm
  ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/dhcp-server-3.0.1rc9-1
  09.i586.rpm
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_alpha.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_alpha.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_arm.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_arm.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_hppa.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_hppa.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_i386.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_i386.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_ia64.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_ia64.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_m68k.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_m68k.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_mips.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_mips.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_mipsel.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_mipsel.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_powerpc.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_powerpc.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_s390.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_s390.deb
• Debian dhcp3-client_3.0+3.0.1rc9-2.2.woody_sparc.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+
  3.0.1rc9-2.2_sparc.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_alpha.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+
  3.0.1rc9-2.2_alpha.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_arm.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+
  3.0.1rc9-2.2_arm.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_hppa.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+
  3.0.1rc9-2.2_hppa.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_i386.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+
  3.0.1rc9-2.2_i386.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_ia64.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+
  3.0.1rc9-2.2_ia64.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_m68k.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+
  3.0.1rc9-2.2_m68k.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_mips.debDebian Woody 3.0.
  
  http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+
  3.0.1rc9-2.2_mips.deb
• Debian dhcp3-common_3.0+3.0.1rc9-2.2.woody_mipsel.deb

来源:US-CERT Vulnerability Note: VU#149953
名称: VU#149953
链接:http://www.kb.cert.org/vuls/id/149953

来源: DEBIAN
名称: DSA-245
链接:http://www.debian.org/security/2003/dsa-245

来源: BUGTRAQ
名称: 20030115 DoS against DHCP infrastructure with isc dhcrelay
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830&w=2

来源: XF
名称: dhcp-dhcrelay-dos(11187)
链接:http://xforce.iss.net/xforce/xfdb/11187

来源: BID
名称: 6628
链接:http://www.securityfocus.com/bid/6628

来源: REDHAT
名称: RHSA-2003:034
链接:http://www.redhat.com/support/errata/RHSA-2003-034.html

来源: BUGTRAQ
名称: 20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
链接:http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html

来源: CONECTIVA
名称: CLSA-2003:616
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616

来源: TURBO
名称: TLSA-2003-26
链接:http://cc.turbolinux.com/security/TLSA-2003-26.txt