Detections
Analytics
Oracle Linux 4 : dhcp (ELSA-2009-1136)
critical Nessus Plugin ID 67886
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
From Red Hat Security Advisory 2009:1136 :Updated dhcp packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 4.7 Extended Update Support.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.
The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692)
Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct this issue.
Solution
Update the affected dhcp packages.See Also
https://oss.oracle.com/pipermail/el-errata/2009-July/001075.html
Plugin Details
Severity: Critical
ID: 67886
File Name: oraclelinux_ELSA-2009-1136.nasl
Version: 1.10
Type: local
Agent: unix
Published: 7/12/2013
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:dhclient, p-cpe:/a:oracle:linux:dhcp, p-cpe:/a:oracle:linux:dhcp-devel, cpe:/o:oracle:linux:4
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/15/2009
Vulnerability Publication Date: 7/14/2009
Reference Information
CVE: CVE-2009-0692
BID: 35668