RedHat Security Advisory RHSA-2009:1136 Network Vulnerability

Summary

The remote host is missing updates announced in advisory RHSA-2009:1136. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct this issue.

Solution

Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

References

http://rhn.redhat.com/errata/RHSA-2009-1136.html
http://www.redhat.com/security/updates/classification/#critical

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0692

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:0410
RedHat Security Advisory RHSA-2009:0420
RedHat Security Advisory RHSA-2009:1157
RedHat Security Advisory RHSA-2009:0397
RedHat Security Advisory RHSA-2009:1125

Take action and discover your vulnerabilities