CVE-2005-1848
CVSS5.0
发布时间 :2005-07-11 00:00:00
修订时间 :2008-09-05 16:50:15
NMCOPS    

[原文]The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read.


[CNNVD]PhysTech dhcpd 拒绝服务漏洞(CNNVD-200507-084)

        dhcpcd是一款RFC2131和RFC1541兼容DHCP客户端守护程序,用于自动配置IPv4网络。
        Hcpcd 1.3.22之前版本中存在远程拒绝服务漏洞。
        远程攻击者可通过目前未知的攻击方式,导致内存越界访问,造成守护程序崩溃,产生拒绝服务。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1848
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1848
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-084
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2005/dsa-750
(VENDOR_ADVISORY)  DEBIAN  DSA-750
http://www.redhat.com/support/errata/RHSA-2005-603.html
(UNKNOWN)  REDHAT  RHSA-2005:603

- 漏洞信息

PhysTech dhcpd 拒绝服务漏洞
中危 其他
2005-07-11 00:00:00 2005-10-20 00:00:00
远程  
        dhcpcd是一款RFC2131和RFC1541兼容DHCP客户端守护程序,用于自动配置IPv4网络。
        Hcpcd 1.3.22之前版本中存在远程拒绝服务漏洞。
        远程攻击者可通过目前未知的攻击方式,导致内存越界访问,造成守护程序崩溃,产生拒绝服务。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.phystech.com/download/dhcpcd.html

- 漏洞信息 (F38735)

Gentoo Linux Security Advisory 200507-16 (PacketStormID:F38735)
2005-07-16 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1848
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-16 - infamous42md discovered that dhcpcd can be tricked to read past the end of the supplied DHCP buffer. As a result, this might lead to a crash of the daemon. Versions less than 1.3.22_p4-r11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: dhcpcd: Denial of Service vulnerability
      Date: July 15, 2005
      Bugs: #98394
        ID: 200507-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.

Background
==========

dhcpcd is a standards compliant DHCP client daemon. It requests an IP
address and other information from the DHCP server, automatically
configures the network interface, and tries to renew the lease time.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /     Vulnerable     /                Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcpcd      < 1.3.22_p4-r11             >= 1.3.22_p4-r11

Description
===========

infamous42md discovered that dhcpcd can be tricked to read past the end
of the supplied DHCP buffer. As a result, this might lead to a crash of
the daemon.

Impact
======

With a malicious DHCP server an attacker could cause a Denial of
Service by crashing the DHCP client.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All dhcpcd users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-1.3.22_p4-r11"

References
==========

  [ 1 ] CAN-2005-1848
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F38599)

Debian Linux Security Advisory 750-1 (PacketStormID:F38599)
2005-07-12 00:00:00
Debian  security.debian.org
advisory
linux,debian
CVE-2005-1848
[点击下载]

Debian Security Advisory DSA 750-1 - infamous42md discovered that dhcpcd, a DHCP client for automatically configuring IPv4 networking, can be tricked into reading past the end of the supplied DHCP buffer which could lead to the daemon crashing.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 750-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 11th, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : dhcpcd
Vulnerability  : out-of-bound memory access
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-1848

"infamous42md" discovered that dhcpcd, a DHCP client for automatically
configuring IPv4 networking, can be tricked into reading past the end
of the supplied DHCP buffer which could lead to the daemon crashing.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 1.3.22pl4-21sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.22pl4-22.

We recommend that you upgrade your dhcpcd package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1.dsc
      Size/MD5 checksum:      592 b6f08de07c771dfa88ee4c2da213c8ef
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1.diff.gz
      Size/MD5 checksum:    44718 bde490fd50bea65991eff869db8cb947
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4.orig.tar.gz
      Size/MD5 checksum:   148273 59669a4110a2061f05c1c6fa6171bed2

  Alpha architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_alpha.deb
      Size/MD5 checksum:    70610 6bd6b7a893cee910bdb9cc146382f042

  ARM architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_arm.deb
      Size/MD5 checksum:    61322 066e0c5510629d03a56261c60e3ffeda

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_i386.deb
      Size/MD5 checksum:    57394 1b376dc7cc9db55598fa231e848576e0

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_ia64.deb
      Size/MD5 checksum:    78624 31cc80567333e8538ec516cdb3986e1d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_hppa.deb
      Size/MD5 checksum:    64312 f3558fc2bfdc41d27596f5c02aab4765

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_m68k.deb
      Size/MD5 checksum:    55526 36c9b163754358f111d340b150d46f7a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_mips.deb
      Size/MD5 checksum:    62664 e624f951d018d069ef84757985f4c33e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_mipsel.deb
      Size/MD5 checksum:    62868 0c20a5f40098c62423c21ec50bb054de

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_powerpc.deb
      Size/MD5 checksum:    59848 f2763a581130fec32fe15f37aabe0168

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_s390.deb
      Size/MD5 checksum:    59668 1549b23d2e50886cbaa5848961c64745

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_sparc.deb
      Size/MD5 checksum:    61234 ff9565a968d5d57f8ece62fcadfeeca7


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC0k+rW5ql+IAeqTIRAgZiAJ4vBs/To/6leqrMC5sn3ON6gODpNgCggpll
EjIOTzTRYR9CQS0sM5xkcwQ=
=i5EW
-----END PGP SIGNATURE-----

    

- 漏洞信息

17813
dhcpcd Unspecified Out-of-bounds Memory Access DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-07-11 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.0.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

DHCPCD Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 14206
Yes No
2005-07-11 12:00:00 2009-07-12 04:06:00
Discovery is credited to infamous42md.

- 受影响的程序版本

Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Phystech dhcpcd 1.3.22 -pl4
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Gentoo Linux
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
IPCop IPCop 1.4.6
IPCop IPCop 1.4.5
IPCop IPCop 1.4.4
IPCop IPCop 1.4.2
IPCop IPCop 1.4.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Conectiva Linux 9.0

- 漏洞讨论

dhcpcd is prone to a remote denial of service vulnerability.

The issue presents itself when the application handles malformed data and accesses out of bounds memory.

dhcpcd 1.3.22pl4 is reported to be affected. It is possible that older versions are vulnerable as well.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Debian has released advisory DSA 750-1 to address this issue. Please see the referenced advisory for more information.

Mandriva has released advisory MDKSA-2005:117, along with fixes to address this issue. Please see the referenced advisory for further information.

Gentoo has released advisory GLSA 200507-16 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-1.3.22_p4-r11"

Conectiva Linux has released security advisory CLSA-2005:983 addressing this issue for Conectiva Linux 9 and 10. Please see the referenced advisory for further information.

RedHat Linux has released security advisory RHSA-2005:603-07 addressing this issue for their Enterprise and Advanced Workstation editions. Please see the referenced advisory for further information.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.

An updated version of IPCop is available to address this and other issues.

Slackware Linux has released advisory SSA:2005-255-01, along with fixes to address this issue. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Phystech dhcpcd 1.3.22 -pl4

IPCop IPCop 1.4.1

IPCop IPCop 1.4.2

IPCop IPCop 1.4.4

IPCop IPCop 1.4.5

IPCop IPCop 1.4.6

Slackware Linux 10.0

Slackware Linux 10.1

Slackware Linux 8.1

Slackware Linux 9.0

Slackware Linux 9.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站