Security Advisory Updated dhcp packages fix possible packet storm

Advisory: RHSA-2003:034-06
Type: Security Advisory
Severity: N/A
Issued on: 2003-03-31
Last updated on: 2003-03-31
Affected Products: Red Hat Linux 8.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2003-0039

Details

A potential remote denial of service attack affects version 3 of the ISC
DHCPD server. This advisory provides fixed packages for Red Hat Linux 8.0.

The dhcp package provides the ISC Dynamic Host Configuration Protocol
(DHCP) server and relay agent. DHCP is a protocol that allows devices to
get their own network configuration information from a server.

Florian Lohoff reported that the ISC dhcrelay (dhcp-relay) in 3.0rc9 and
earlier allows remote attackers to cause a denial of service (packet
storm) by constructing a malicious BOOTP packet that is forwarded to a
broadcast MAC address, causing an infinite loop.

Red Hat Linux 8.0 shipped with a version of DHCP that is vulnerable to
this issue. Other distributions of Red Hat Linux and Red Hat Linux
Advanced Server are based on version 2 of DHCP, and are not vulnerable to
this issue.

These erratum packages contain a patch that introduces a new command line
switch to dhcrelay, "-c maxcount". This switch can be used to limit the
hopcount and so avoid any infinite loops. We advise users of dhcp-relay to
specify a small number for the maximum hop count; for example "dhcrelay -c 10".


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 8.0
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/dhcp-3.0pl1-26.src.rpm
Missing file		     c96c16fa9605745ca94d2acafea2862a
 
IA-32:
ftp://updates.redhat.com/8.0/en/os/i386/dhclient-3.0pl1-26.i386.rpm
Missing file		     e9ef52a8859a1b9776ef9276495dea35
ftp://updates.redhat.com/8.0/en/os/i386/dhcp-3.0pl1-26.i386.rpm
Missing file		     5a11c839e1824a5eecb71d098007fed8
ftp://updates.redhat.com/8.0/en/os/i386/dhcp-devel-3.0pl1-26.i386.rpm
Missing file		     3f6de3a2cbe96c7b8402e2fcb90fe0a8
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0039
http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/