Summary
The remote host is missing updates announced in advisory SUSE-SA:2009:037.
Solution
Update your system with the packages as indicated in the referenced security advisory.
https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:037
Insight
The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field (CVE-2009-0692).
In theory, a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines that use dhclient to obtain network settings. Newer distributions (SLES10+, openSUSE) have buffer overflow checking that guards against this kind of stack overflow, however, so actual exploitability is rather unlikely.
Severity
Classification
CVE: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905, CVE-2009-0642, CVE-2009-0692, CVE-2009-1886, CVE-2009-1888, CVE-2009-1904, CVE-2009-2042
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C