5287214 2000-07-20 22:18 /29 lines/ Postmaster
Recipient: Bugtraq (import) <11825>
Subject: New DHCP releases: 2.0pl3 and 3.0b1pl17
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Message-ID: <200007200546.WAA03963@grosse.bisbee.fugue.com>
Date: Wed, 19 Jul 2000 22:46:32 -0700
Reply-To: Ted Lemon <mellon@NOMINUM.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Ted Lemon <mellon@NOMINUM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

These releases fix a lingering security problem that was partially
fixed in 2.0pl2 and 3.0b1pl14 that made it possible for a rogue DHCP
server to provide information to the DHCP client that would cause it
to execute arbitrary commands as root. This fix is similar to a fix
implemented by the OpenBSD folks.

IF YOU ARE RUNNING VERSIONS OF THE ISC DHCP CLIENT PRIOR to 2.0pl2 or
3.0b1pl17, PLEASE UPGRADE ASAP. This patch is NOT necessary for ISC
DHCP server users - only for users of the ISC DHCP client.

Users of the ISC DHCP client from the head of the anoncvs tree prior
to July 20 at 5:36 AM, UTC, should also upgrade.

Both versions of the ISC DHCP Distribution are available at
ftp://ftp.isc.org/isc/dhcp.

_MelloN_
(5287214) ------------------------------------------