diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:34.dhclient.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-00:34.dhclient.asc | 125 |
1 files changed, 0 insertions, 125 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc b/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc deleted file mode 100644 index e00a0e089b..0000000000 --- a/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc +++ /dev/null @@ -1,125 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-00:34 Security Advisory - FreeBSD, Inc. - -Topic: dhclient vulnerable to malicious dhcp server - -Category: core, ports -Module: dhclient, isc-dhcp2 (ports), isc-dhcp3 (ports) -Announced: 2000-08-14 -Affects: All releases of FreeBSD after FreeBSD 3.2-RELEASE and - prior to the correction date (including FreeBSD 4.0 - and 3.5, but not 4.1) - Ports collection prior to the correction date. -Credits: OpenBSD -Vendor status: Updated version released -Corrected: 2000-07-20 [FreeBSD 4.0 base system] - 2000-08-01 [isc-dhcp2 port] - 2000-07-21 [isc-dhcp3 port] -FreeBSD only: NO - -I. Background - -ISC-DHCP is an implementation of the DHCP protocol containing client -and server. FreeBSD 3.2 and above includes the version 2 client by -default in the base system, and the version 2 and version 3 clients -and servers in the Ports Collection. - -II. Problem Description - -The dhclient utility (DHCP client), versions 2.0pl2 and before (for -the version 2.x series), and versions 3.0b1pl16 and before (for the -version 3.x series) does not correctly validate input from the server, -allowing a malicious DHCP server to execute arbitrary commands as root -on the client. DHCP may be enabled if your system was initially -configured from a DHCP server at install-time, or if you have -specifically enabled it after installation. - -FreeBSD 4.1 is not affected by this problem since it contains the -2.0pl3 client. - -III. Impact - -An attacker who has or gains control of a DHCP server may gain -additional root access to DHCP clients running vulnerable versions of -ISC-DHCP. - -If you are not using dhclient to configure client machines via DHCP, -or your DHCP server is "trusted" according to your local security -policy, then this vulnerability does not apply to you. - -IV. Workaround - -Disable the use of DHCP for configuring client machines: remove the -case-insensitive string "dhcp" from the "ifconfig_<foo>" directives in -/etc/rc.conf and replace it with appropriate static interface -configuration according to the rc.conf(5) manpage. - -An example of a DHCP-enabled interface is the following line in -/etc/rc.conf: - -ifconfig_xl0="DHCP" - -V. Solution - -NOTE: At this time the FreeBSD 3.x branch has not yet been patched, -due to logistical difficulties. Users running a vulnerable 3.x system -are advised to either upgrade to FreeBSD 4.1, disable the use of -DHCP as described above, or use the dhclient binary from the isc-dhcp2 -port dated after the correction date. - -1) Upgrade your vulnerable FreeBSD 4.0 system to a version dated after the -correction date. See - -http://www.freebsd.org/handbook/makeworld.html - -for instructions on how to upgrade and recompile your FreeBSD system -from source, or perform a binary upgrade, e.g. to FreeBSD 4.1-RELEASE, -described here: - -http://www.freebsd.org/releases/4.1R/notes.html - -2) (If using the isc-dhcp2 or isc-dhcp3 ports) One of the following: - -2a) Upgrade your entire ports collection and rebuild the isc-dhcp2 or isc-dhcp3 port. - -2b) Deinstall the old package and install a new package dated after the -correction date, obtained from: - -[isc-dhcp3] - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/isc-dhcp3-3.0.b1.17.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/isc-dhcp3-3.0.b1.17.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/isc-dhcp3-3.0.b1.17.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/isc-dhcp3-3.0.b1.17.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/isc-dhcp3-3.0.b1.17.tgz - -NOTE: The isc-dhcp2 port is not available as a package. - -2c) download a new port skeleton for the isc-dhcp2 or isc-dhcp3 port from: - -http://www.freebsd.org/ports/ - -and use it to rebuild the port. - -2d) Use the portcheckout utility to automate option (3) above. The -portcheckout port is available in /usr/ports/devel/portcheckout or the -package can be obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz - ------BEGIN PGP SIGNATURE----- -Version: 2.6.2 - -iQCVAwUBOZh3J1UuHi5z0oilAQHXBQQAmCLlTUfikHbgBelFd22agjTo/AVwR933 -El0AMRHakiBJAHTMseZ4Nj+HyGUgVzD3oRMgmjx1u+HUCQM2/akuXXZdSHlur5Jc -OyEGxcwxyzYXnNzWAL1vh6MYrpkGDfh74bHircLdO16d6uC1d+0VFmkxUOOFN4zb -g7yK3m2ZOxo= -=qTwd ------END PGP SIGNATURE----- |