1. Server >
  2. Unix Server >
  3. USN-2868-1: DHCP vulnerability

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

USN-2868-1: DHCP vulnerability


Unix Server vom | Direktlink: ubuntu.com Nachrichten Bewertung

Ubuntu Security Notice USN-2868-1

13th January, 2016

isc-dhcp vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

DHCP server, client, or relay could be made to crash if they received specially crafted network traffic.

Software description

  • isc-dhcp - DHCP server and client

Details

Sebastian Poehn discovered that the DHCP server, client, and relay
incorrectly handled certain malformed UDP packets. A remote attacker could
use this issue to cause the DHCP server, client, or relay to stop
responding, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10:
isc-dhcp-server 4.3.1-5ubuntu3.1
isc-dhcp-relay 4.3.1-5ubuntu3.1
isc-dhcp-client 4.3.1-5ubuntu3.1
isc-dhcp-server-ldap 4.3.1-5ubuntu3.1
Ubuntu 15.04:
isc-dhcp-server 4.3.1-5ubuntu2.3
isc-dhcp-relay 4.3.1-5ubuntu2.3
isc-dhcp-client 4.3.1-5ubuntu2.3
isc-dhcp-server-ldap 4.3.1-5ubuntu2.3
Ubuntu 14.04 LTS:
isc-dhcp-server 4.2.4-7ubuntu12.4
isc-dhcp-relay 4.2.4-7ubuntu12.4
isc-dhcp-client 4.2.4-7ubuntu12.4
isc-dhcp-server-ldap 4.2.4-7ubuntu12.4
Ubuntu 12.04 LTS:
isc-dhcp-server 4.1.ESV-R4-0ubuntu5.10
isc-dhcp-relay 4.1.ESV-R4-0ubuntu5.10
isc-dhcp-client 4.1.ESV-R4-0ubuntu5.10
isc-dhcp-server-ldap 4.1.ESV-R4-0ubuntu5.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8605

...
http://www.ubuntu.com/usn/usn-2868-1/

Externe Quelle mit kompletten Inhalt anzeigen


Zur Startseite von Team IT Security

Kommentiere zu USN-2868-1: DHCP vulnerability






➤ Weitere Beiträge von Team Security | IT Sicherheit

USN-2868-1: DHCP vulnerability

vom 627.74 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-2868-1 13th January, 2016 isc-dhcp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary DHCP server, c

USN-2868-1: DHCP vulnerability

vom 627.74 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-2868-1 13th January, 2016 isc-dhcp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary DHCP server, c

USN-3586-1: DHCP vulnerabilities

vom 496.37 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-3586-1 1st March, 2018 isc-dhcp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixe

CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component

vom 178.96 Punkte ic_school_black_18dp
Ever since introducing the virtualization category at Pwn2Own in 2016, guest-to-host escapes have been a highlight of the contest. This year’s event was no exception. Other guest-to-host escapes have also come through the ZDI program throughout the year. I

CVE-2019-0726: An RCE Vulnerability in the Windows 10 DHCP Client

vom 158.93 Punkte ic_school_black_18dp
In January of this year, Microsoft released a patch to correct a flaw in the DHCP Client service in Windows. An attacker could potentially get their code running on an affected system just by sending a specially crafted DHCP response. The root cause

The August 2019 Security Update Review

vom 150.84 Punkte ic_school_black_18dp
August is here and it brings with it the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.   Adobe Patches for August 2019 Adobe relea

Trane ComfortLink II 2.0.2 DSS Service REG Request Stack-Based Pufferüberlauf

vom 142.12 Punkte ic_school_black_18dp
Es wurde eine Schwachstelle in Trane ComfortLink II 2.0.2 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine unbekannte Funktion der Komponente DSS Service. Dank Manipulation durch REG Request kann eine Pufferüberlauf-Schwachstelle (Stack-Based) ausgen

Trane ComfortLink II 2.0.2 DSS Service REG Request Stack-Based Pufferüberlauf

vom 142.12 Punkte ic_school_black_18dp
Es wurde eine Schwachstelle in Trane ComfortLink II 2.0.2 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine unbekannte Funktion der Komponente DSS Service. Dank Manipulation durch REG Request kann eine Pufferüberlauf-Schwachstelle (Stack-Based) ausgen

The May 2019 Security Update Review

vom 109.54 Punkte ic_school_black_18dp
May is here and so are the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.   Adobe Patches for May 2019 This month, Ad

Critical Remote Code Execution Vulnerability in DHCP Client Let Hackers Take Control of the Network

vom 105.95 Punkte ic_school_black_18dp
A critical remote code execution vulnerability that resides in the DHCP client allows attackers to take control of the system by sending malicious DHCP reply packets. A Dynamic Host Configuration Protocol (DHCP) Client allows a device to act as a host requ

Cisco IOS/IOS XE DHCP Relay erweiterte Rechte [CVE-2017-12240]

vom 105.31 Punkte ic_school_black_18dp
In Cisco IOS sowie IOS XE - eine genaue Versionsangabe ist nicht möglich - wurde eine Schwachstelle ausgemacht. Sie wurde als sehr kritisch eingestuft. Betroffen ist eine unbekannte Funktion der Komponente DHCP Relay. Durch die Manipulation mit einer u

The February 2019 Security Update Review

vom 103.76 Punkte ic_school_black_18dp
February is here and with it comes the latest in security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2019