Debian alert: New dhcp3 packages fix potential network flood
--------------------------------------------------------------------------
Debian Security Advisory DSA 245-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 28th, 2003                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : dhcp3
Vulnerability  : ignored counter boundary
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0039

Florian Lohoff discovered a bug in the dhcrelay causing it to send a
continuing packet storm towards the configured DHCP server(s) in case
of a malicious BOOTP packet, such as sent from buggy Cisco switches.

When the dhcp-relay receives a BOOTP request it forwards the request
to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff
which causes the network interface to reflect the packet back into the
socket. To prevent loops the dhcrelay checks whether the
relay-address is its own, in which case the packet would be dropped.
In combination with a missing upper boundary for the hop counter an
attacker can force the dhcp-relay to send a continuing packet storm
towards the configured dhcp server(s).

This patch introduces a new commandline switch ``-c maxcount'' and
people are advised to start the dhcp-relay with ``dhcrelay -c 10'' or
a smaller number, which will only create that many packets.

The dhcrelay program from the ``dhcp'' package does not seem to be
affected since DHCP packets are dropped if they were apparently
relayed already.

For the stable distribution (woody) this problem has been fixed in
version 3.0+3.0.1rc9-2.2.

The old stable distribution (potato) does not contain dhcp3 packages.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.2-1.

We recommend that you upgrade your dhcp3 package when you are using
the dhcrelay server.
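The loop described above, as a small model added here for illustration (it is not code from dhcrelay or from the advisory). The struct, the function names, the constructed addresses, and the assumption that the relay stamps an empty relay address with its own are all hypothetical; max_hops stands in for the ``-c maxcount'' value and budget only keeps the uncapped run finite.

```c
#include <stdint.h>
#include <stdio.h>

#define NO_CAP (-1)            /* models a relay without the -c switch */

/* Only the two BOOTP header fields the loop depends on (simplified). */
struct bootp_hdr {
    uint8_t  hops;             /* relay hop counter */
    uint32_t giaddr;           /* relay address, 0 if not yet relayed */
};

/* One pass through the relay: returns 1 if forwarded, 0 if dropped. */
static int relay_forward(struct bootp_hdr *pkt, uint32_t own, int max_hops)
{
    if (pkt->giaddr == own)                  /* loop check from the advisory */
        return 0;
    if (max_hops != NO_CAP && pkt->hops >= max_hops)
        return 0;                            /* upper boundary (-c maxcount) */
    if (pkt->giaddr == 0)
        pkt->giaddr = own;                   /* assumed: relay stamps itself */
    pkt->hops++;                             /* uint8_t: wraps if uncapped */
    return 1;
}

/* Every forwarded broadcast is reflected back into the relay's socket.
 * Counts forwards until the relay drops the packet or budget is reached. */
static unsigned simulate_reflection(struct bootp_hdr pkt, uint32_t own,
                                    int max_hops, unsigned budget)
{
    unsigned sent = 0;
    while (sent < budget && relay_forward(&pkt, own, max_hops))
        sent++;
    return sent;
}

int main(void)
{
    const uint32_t own = 0x0A000001u;              /* constructed: 10.0.0.1 */
    struct bootp_hdr client  = { 0, 0 };           /* ordinary request */
    struct bootp_hdr foreign = { 0, 0x0A0000FEu }; /* relay address not ours */

    printf("client, no cap : %u\n", simulate_reflection(client, own, NO_CAP, 1000));
    printf("foreign, no cap: %u\n", simulate_reflection(foreign, own, NO_CAP, 1000));
    printf("foreign, -c 10 : %u\n", simulate_reflection(foreign, own, 10, 1000));
    return 0;
}
```

In this model the own-address check alone stops an ordinary request after one forward, while a request carrying some other relay address keeps circulating until the hop limit ends it.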

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

These files will probably be moved into the stable distribution on
its next revision.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>