PT-2009-6672 · Isc+3 · Dhcp3-Common+18
Vincent Danen · Published 1970-01-01 · Updated 2017-09-29 · CVE-2009-0692
| CVSS v2.0 | 10 (High) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
dhcp versions prior to 3.1.1-r1
dhcp-relay versions (affected versions not specified)
dhcp-server versions (affected versions not specified)
dhcp-client versions (affected versions not specified)
dhcp3-dev versions (affected versions not specified)
dhcp3-client versions (affected versions not specified)
dhcp3-relay versions (affected versions not specified)
dhcp3-server versions (affected versions not specified)
dhcp3-server-ldap versions (affected versions not specified)
dhcp3-common versions (affected versions not specified)
libvolume_id versions (affected versions not specified)
libvolume_id-devel versions (affected versions not specified)
libvolume_id1 versions (affected versions not specified)
udev versions (affected versions not specified)
udev-debugsource versions (affected versions not specified)
udev-debuginfo versions (affected versions not specified)
libudev-devel versions (affected versions not specified)
libudev0 versions (affected versions not specified)
Description
The issue is related to multiple vulnerabilities in various packages of different operating systems, including SUSE Linux Enterprise, openSUSE, Gentoo Linux, and Debian GNU/Linux. These vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely or locally, depending on the specific package and operating system. According to the information from Mitre, a stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
Recommendations
As a temporary workaround, consider disabling the dhcp service until a patch is available.
Restrict access to the vulnerable dhcp-relay and dhcp-server modules to minimize the risk of exploitation.
Avoid using the dhcp-client until the issue is resolved.
Update dhcp to version 3.1.1-r1 or later.
Update dhcp3-dev to the latest version.
Update dhcp3-client to the latest version.
Update dhcp3-relay to the latest version.
Update dhcp3-server to the latest version.
Update dhcp3-server-ldap to the latest version.
Update dhcp3-common to the latest version.
Update libvolume_id to the latest version.
Update libvolume_id-devel to the latest version.
Update libvolume_id1 to the latest version.
Update udev to the latest version.
Update udev-debugsource to the latest version.
Update udev-debuginfo to the latest version.
Update libudev-devel to the latest version.
Update libudev0 to the latest version.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Dhcp
Dhcpclient
Dhcp-Relay
Dhcp-Server
Dhcp3-Client
Dhcp3-Common
Dhcp3-Dev
Dhcp3-Relay
Dhcp3-Server
Dhcp3-Server-Ldap
Libudev-Devel
Libudev0
Libvolume Id
Libvolume Id-Devel
Libvolume Id1
Udev
Udev-Debuginfo
Udev-Debugsource