Debian Security Advisory DSA 584-1 (dhcp) Network Vulnerability

Summary

The remote host is missing an update to dhcp announced via advisory DSA 584-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20584-1

Insight

infamous41md noticed that the log functions in dhcp 2.x, which is still distributed in the stable Debian release, contained pass parameters to function that use format strings. One use seems to be exploitable in connection with a malicious DNS server. For the stable distribution (woody) these problems have been fixed in version 2.0pl5-11woody1. For the unstable distribution (sid) these problems have been fixed in version 2.0pl5-19.1. We recommend that you upgrade your dhcp package.

Severity

Classification

CVE CVE-2004-1006

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 076-1 (most)
Debian Security Advisory DSA 1031-1 (cacti)
Debian Security Advisory DSA 1038-1 (xzgv)
Debian Security Advisory DSA 091-1 (ssh)
Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27)

Take action and discover your vulnerabilities