安全研究

安全漏洞
DHCPCD远程拒绝服务漏洞

发布日期:2005-07-12
更新日期:2005-07-12

受影响系统:
Phystech dhcpcd 1.3.22-pl4
    - Debian Linux 3.1
描述:
BUGTRAQ  ID: 14206
CVE(CAN) ID: CVE-2005-1848

dhcpcd是一款RFC2131和RFC1541兼容DHCP客户端守护程序,用于自动配置IPv4网络。

dhcpcd中存在远程拒绝服务漏洞,起因是在处理畸形数据时的跨界内存访问。

目前更多信息不详。

<*来源:infamous42md
  
  链接:http://www.debian.org/security/2005/dsa-750
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-750-1)以及相应补丁:
DSA-750-1:New dhcpcd packages fix denial of service
链接:http://www.debian.org/security/2005/dsa-750

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1.dsc
Size/MD5 checksum:      592 b6f08de07c771dfa88ee4c2da213c8ef
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1.diff.gz
Size/MD5 checksum:    44718 bde490fd50bea65991eff869db8cb947
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4.orig.tar.gz
Size/MD5 checksum:   148273 59669a4110a2061f05c1c6fa6171bed2

Alpha architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_alpha.deb
Size/MD5 checksum:    70610 6bd6b7a893cee910bdb9cc146382f042

ARM architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_arm.deb
Size/MD5 checksum:    61322 066e0c5510629d03a56261c60e3ffeda

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_i386.deb
Size/MD5 checksum:    57394 1b376dc7cc9db55598fa231e848576e0

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_ia64.deb
Size/MD5 checksum:    78624 31cc80567333e8538ec516cdb3986e1d

HP Precision architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_hppa.deb
Size/MD5 checksum:    64312 f3558fc2bfdc41d27596f5c02aab4765

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_m68k.deb
Size/MD5 checksum:    55526 36c9b163754358f111d340b150d46f7a

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_mips.deb
Size/MD5 checksum:    62664 e624f951d018d069ef84757985f4c33e

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_mipsel.deb
Size/MD5 checksum:    62868 0c20a5f40098c62423c21ec50bb054de

PowerPC architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_powerpc.deb
Size/MD5 checksum:    59848 f2763a581130fec32fe15f37aabe0168

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_s390.deb
Size/MD5 checksum:    59668 1549b23d2e50886cbaa5848961c64745

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_sparc.deb
Size/MD5 checksum:    61234 ff9565a968d5d57f8ece62fcadfeeca7

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

浏览次数:3861
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客