[SunRay-Users] FYI: Security Vulnerabilities in DHCP Handling of DHCP Requests

Stoyan Angelov s_angelov_lists at filibeto.org
Sat Nov 8 21:51:55 EET 2008 

Document Audience: PUBLIC
Document ID: 243806
Title: Security Vulnerabilities in DHCP Handling of DHCP Requests May  
Allow Remote Users to Execute Arbitrary Code or Cause a Denial of the  
DHCP Service
Copyright Notice: Copyright © 2008 Sun Microsystems, Inc. All Rights  
Reserved
Update Date: Fri Nov 07 00:00:00 MST 2008
Solution Type: Sun Alert

Solution  243806 :   Security Vulnerabilities in DHCP Handling of DHCP  
Requests May Allow Remote Users to Execute Arbitrary Code or Cause a  
Denial of the DHCP Service

Related Categories
	Home>Content>Sun Alert Criteria Categories>Security
	Home>Content>Sun Alert Release Phase>Resolved


Bug ID
6619398, 6713805


Product
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris


Date of Resolved Release
07-Nov-2008


SA Document Body
Security Vulnerabilities in DHCP Handling of DHCP Requests May Allow  
Remote Users to Execute Arbitrary Code or Cause a Denial of the DHCP  
Service

1. Impact

Security vulnerabilities in the DHCP (in.dhcpd(1M)) server handling of  
DHCP requests may allow a remote unprivileged user to kill the DHCP  
server daemon (Denial of Service) or to execute arbitrary code as the  
root user.

One of the issues described here is also referenced in the following  
document:

CVE-2007-5365 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5365

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform
	Solaris 8 without patch 109077-21
	Solaris 9 without patch 112837-16
	Solaris 10 without patch 138876-01
	OpenSolaris based upon builds snv_01 through snv_102

x86 Platform
	Solaris 8 without patch 109078-21
	Solaris 9 without patch 114265-15
	Solaris 10 without patch 138877-01
	OpenSolaris based upon builds snv_01 through snv_102

Notes:

1. Only OpenSolaris installations which include the affected binary / 
usr/lib/inet/in.dhcpd and have the DHCP server configured and running  
are impacted by this issue.

2. OpenSolaris distributions may include additional bug fixes above  
and beyond the build from which it was derived. The base build can be  
derived as follows:

$ uname -v
snv_86

3. Only systems which are configured as a DHCP server are impacted by  
this issue. To determine if a system is configured as a DHCP server,  
the following command can be run.

$ svcs svc:/network/dhcp-server:default
STATE         STIME    FMRI
online        Sep_09   svc:/network/dhcp-server:default

If the output shows the state is online, then the system is configured  
as a DHCP server.

3. Symptoms

The security vulnerability which allows arbitrary code executio, has  
no reliable symptoms that would indicate the issue has been exploited.

The security vulnerability which allows a denial of of teh DHCP  
service will result in the DHCP server daemon exiting with an  
"Assertion failed" error message.

4. Workaround

There are no workarounds for these issues. Please see the Resolution  
section below.

5. Resolution
These issues are addressed in the following releases:

SPARC Platform
	Solaris 8 with patch 109077-21 or later
	Solaris 9 with patch 112837-16 or later
	Solaris 10 with patch 138876-01 or later
	OpenSolaris based upon builds snv_103 or later

x86 Platform
	Solaris 8 with patch 109078-21 or later
	Solaris 9 with patch 114265-15 or later
	Solaris 10 with patch 138877-01 or later
	OpenSolaris based upon builds snv_103 or later

For more information on Security Sun Alerts, see Technical Instruction  
ID 213557.

This Sun Alert notification is being provided to you on an "AS IS"  
basis. This Sun Alert notification may contain information provided by  
third parties. The issues described in this Sun Alert notification may  
or may not impact your system(s). Sun makes no representations,  
warranties, or guarantees as to the information contained herein. ANY  
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION  
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR  
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT  
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,  
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE  
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.  
This Sun Alert notification contains Sun proprietary and confidential  
information. It is being provided to you pursuant to the provisions of  
your agreement to purchase services from Sun, or, if you do not have  
such an agreement, the Sun.com Terms of Use. This Sun Alert  
notification may only be used for the purposes contemplated by these  
agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa  
Clara, CA 95054 U.S.A. All rights reserved.

Attachments
This solution has no attachment


original link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-243806-1

greetings,

Stoyan Angelov

More information about the SunRay-Users mailing list