From: David Meuleman (dmeuleman@defiance.edu)
Date: Thu Jan 23 2003 - 08:13:44 CST
That probably would have been helpful....netreg-1.2.
Dave
1/22/2003 8:15:13 PM, Peter Valian <valianp@southwestern.edu> wrote:
>what version of netreg are you running?
>
>David Meuleman wrote:
>> Would there be any issues with the netreg scripts if I upgraded from dhcp-3.0b1pl17 to dhcp-3.0pl2 or dhcp-3.0.1RC11.
>>
>> It needs to be done, but I'd like to know about any possible problems before I do it.
>>
>> Dave
>>
>> 1/16/2003 9:33:23 AM, Peter Valian <valianp@southwestern.edu> wrote:
>>
>>
>>>FYI for those of you not subscribed to the CERT advisory list,
>>>
>>>-------- Original Message --------
>>>Subject: CERT Advisory CA-2003-01 Buffer Overflows in ISC DHCPD Minires
>>>Library
>>>Date: Wed, 15 Jan 2003 15:55:21 -0500
>>>From: CERT Advisory <cert-advisory@cert.org>
>>>Organization: CERT(R) Coordination Center - +1 412-268-7090
>>>To: cert-advisory@cert.org
>>>
>>>
>>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>
>>>CERT Advisory CA-2003-01 Buffer Overflows in ISC DHCPD Minires Library
>>>
>>> Original release date: January 15, 2003
>>> Last revised: --
>>> Source: CERT/CC
>>>
>>> A complete revision history can be found at the end of this file.
>>>
>>> Systems Affected
>>>
>>> * Systems running ISC DHCPD versions 3.0 through 3.0.1RC10,
>>> inclusive.
>>> * For detailed vendor status information, see
>>> http://www.kb.cert.org/vuls/id/284857#systems
>>>
>>>Overview
>>>
>>> The Internet Software Consortium (ISC) has discovered several buffer
>>> overflow vulnerabilities in their implementation of DHCP (ISC DHCPD).
>>> These vulnerabilities may allow remote attackers to execute arbitrary
>>> code on affected systems. At this time, we are not aware of any
>>> exploits.
>>>
>>>I. Description
>>>
>>> There are multiple remote buffer overflow vulnerabilities in the ISC
>>> implementation of DHCP. As described in RFC 2131, "the Dynamic Host
>>> Configuration Protocol (DHCP) provides a framework for passing
>>> configuration information to hosts on a TCP/IP network." In addition to
>>> supplying hosts with network configuration data, ISC DHCPD allows the
>>> DHCP server to dynamically update a DNS server, eliminating the need
>>> for manual updates to the name server configuration. Support for
>>> dynamic DNS updates is provided by the NSUPDATE feature.
>>>
>>> During an internal source code audit, developers from the ISC
>>> discovered several vulnerabilities in the error handling routines of
>>> the minires library, which is used by NSUPDATE to resolve hostnames.
>>> These vulnerabilities are stack-based buffer overflows that may be
>>> exploitable by sending a DHCP message containing a large hostname
>>> value. Note: Although the minires library is derived from the BIND 8
>>> resolver library, these vulnerabilities do not affect any current
>>> versions of BIND.
>>>
>>> The CERT/CC is tracking this issue as VU#284857. This reference number
>>> corresponds to CVE candidate CAN-2003-0026.
>>>
>>>II. Impact
>>>
>>> Remote attackers may be able to execute arbitrary code with the
>>> privileges of the user running ISC DHCPD.
>>>
>>>III. Solution
>>>
>>> Upgrade or apply a patch
>>>
>>> The ISC has addressed these vulnerabilities in versions 3.0pl2 and
>>> 3.0.1RC11 of ISC DHCPD. If your software vendor supplies ISC DHCPD as
>>> part of an operating system distribution, please see Appendix A for
>>> vendor-specific patch information.
>>>
>>> For a detailed list of vendors that have been notified of this issue by
>>> the CERT/CC, please see
>>>
>>> http://www.kb.cert.org/vuls/id/284857#systems
>>>
>>> Disable dynamic DNS updates (NSUPDATE)
>>>
>>> As an interim measure, the ISC recommends disabling the NSUPDATE
>>> feature on affected DHCP servers.
>>>
>>> Block external access to DHCP server ports
>>>
>>> As an interim measure, it is possible to limit exposure to these
>>> vulnerabilities by restricting external access to affected DHCP servers
>>> on the following ports:
>>>
>>>bootps 67/tcp # Bootstrap Protocol Server
>>>bootps 67/udp # Bootstrap Protocol Server
>>>bootpc 68/tcp # Bootstrap Protocol Client
>>>bootpc 68/udp # Bootstrap Protocol Client
>>>
>>> Disable the DHCP service
>>>
>>> As a general rule, the CERT/CC recommends disabling any service or
>>> capability that is not explicitly required. Depending on your network
>>> configuration, you may not need to use DHCP.
>>>
>>>Appendix A. - Vendor Information
>>>
>>> This appendix contains information provided by vendors for this
>>> advisory. As vendors report new information to the CERT/CC, we will
>>> update this section and note the changes in our revision history. If a
>>> particular vendor is not listed below, we have not received their
>>> comments.
>>>
>>> Apple Computer, Inc.
>>>
>>> Mac OS X and Mac OS X Server do not contain the vulnerability described
>>> in this notice.
>>>
>>> Berkeley Software Design, Inc. (BSDI)
>>>
>>> This vulnerability is addressed by the M431-001 and M500-004 patches
>>> for the 4.3.1 and 5.0 versions of BSD/OS.
>>>
>>> Cisco Systems
>>>
>>> No Cisco products have been found to be affected by this vulnerability.
>>>
>>> Several Cisco products do utilize the ISC DHCPD, however, no Cisco
>>> products implement the ISC DHCPD NSUPDATE feature, nor do they include
>>> the minires library.
>>>
>>> Cray Inc.
>>>
>>> Cray Inc. is not vulnerable as dhcpd is not supported on any of its
>>> products.
>>>
>>> Fujitsu
>>>
>>> Fujitsu's UXP/V OS is not vulnerable because it does not support the
>>> ISC DHCPD.
>>>
>>> Hewlett-Packard Company
>>>
>>> Source: Hewlett-Packard Company
>>> Software Security Response Team
>>>
>>>
>>> cross reference id: SSRT2423
>>>
>>> HP-UX - not vulnerable
>>> HP-MPE/ix - not vulnerable
>>> HP Tru64 UNIX - not vulnerable
>>> HP OpenVMS - not vulnerable
>>> HP NonStop Servers - not vulnerable
>>>
>>> To report potential security vulnerabilities in HP software,
>>> send an E-mail message to: mailto:security-alert@hp.com
>>>
>>> Hitachi, Ltd.
>>>
>>> We've checked up on our router (Hitachi,Ltd. GR2000 series) about
>>> [VU#284857]. Our DHCP implementation is NOT vulnerable.
>>>
>>> IBM Corporation
>>>
>>> IBM's AIX does not ship with the ISC DHCP daemon. The issues discussed
>>> in VU#284857 or any following advisories based on this vulnerability
>>> note do not pertain to AIX.
>>>
>>> Internet Software Consortium
>>>
>>> We have a patched version of 3.0 available (3.0pl2) and a new release
>>> candidate for the next bug-fix release (3.0.1RC11). Both of these new
>>> releases are available from http://www.isc.org/products/DHCP/.
>>>
>>> MontaVista Software
>>>
>>> None of MontaVista Software's Linux products are vulnerable to this
>>> issue.
>>>
>>> NEC Inc.
>>>
>>> [Server Products]
>>>
>>> * EWS/UP 48 Series operating system
>>> - is NOT vulnerable.
>>>
>>> NetBSD
>>>
>>> Currently supported versions of NetBSD do not contain the error
>>> handling routine vulnerabilities. Such vulnerabilities were fixed
>>> prior to the release of NetBSD 1.5.
>>>
>>> With respect to the patch to ns_name.c, we believe that this is good
>>> defensive programming and have applied the patch to NetBSD-current.
>>> However, all calls to ns_name_ntol in the NetBSD source base pass a
>>> correct, constant, non-zero value as the datsiz parameter.
>>>
>>> Therefore, NetBSD is not vulnerable.
>>>
>>> NetScreen
>>>
>>> NetScreen is not vulnerable to this issue.
>>>
>>> OpenBSD
>>>
>>> OpenBSD's dhcp support is much modified, does not have that feature,
>>> and therefore does not have that bug.
>>>
>>> Openwall GNU/*/Linux
>>>
>>> Openwall GNU/*/Linux is not vulnerable. We don't yet provide a DHCP
>>> suite.
>>>
>>> Red Hat Inc.
>>>
>>> Red Hat distributes a vulnerable version of ISC DHCP in Red Hat Linux
>>> 8.0. Other distributions of Red Hat Linux are not vulnerable to these
>>> issues. New DHCP packages are available along with our advisory at the
>>> URL below. Users of the Red Hat Network can update their systems using
>>> the 'up2date' tool.
>>>
>>> http://rhn.redhat.com/errata/RHSA-2003-011.html
>>>
>>> Riverstone Networks
>>>
>>> Riverstone Networks is not vulnerable to VU#284857.
>>>
>>> Sun Microsystems, Inc.
>>>
>>> Sun confirms that we are not vulnerable to the issues described in
>>> VU#284857. Solaris does not ship the ISC DHCPD and does not use any of
>>> the ISC DHCPD source in its version of DHCPD.
>>>
>>> SuSE Linux AG
>>>
>>> We are preparing updates, that will be released soon.
>>>
>>> Xerox
>>>
>>> Xerox is aware of this vulnerability and is currently assessing all
>>> products. This statement will be updated as new information becomes
>>> available.
>>> _________________________________________________________________
>>>
>>> The CERT Coordination Center thanks David Hankins of the Internet
>>> Software Consortium for notifying us about this problem and for helping
>>> us to construct this document. We also thank Jacques A. Vidrine for
>>> drawing attention to this issue.
>>> _________________________________________________________________
>>>
>>> Author: This document was written by Jeffrey P. Lanza.
>>> ______________________________________________________________________
>>>
>>> This document is available from:
>>> http://www.cert.org/advisories/CA-2003-01.html
>>> ______________________________________________________________________
>>>
>>>CERT/CC Contact Information
>>>
>>> Email: cert@cert.org
>>> Phone: +1 412-268-7090 (24-hour hotline)
>>> Fax: +1 412-268-6989
>>> Postal address:
>>> CERT Coordination Center
>>> Software Engineering Institute
>>> Carnegie Mellon University
>>> Pittsburgh PA 15213-3890
>>> U.S.A.
>>>
>>> CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
>>> EDT(GMT-4) Monday through Friday; they are on call for emergencies
>>> during other hours, on U.S. holidays, and on weekends.
>>>
>>>Using encryption
>>>
>>> We strongly urge you to encrypt sensitive information sent by email.
>>> Our public PGP key is available from
>>> http://www.cert.org/CERT_PGP.key
>>>
>>> If you prefer to use DES, please call the CERT hotline for more
>>> information.
>>>
>>>Getting security information
>>>
>>> CERT publications and other security information are available from
>>> our web site
>>> http://www.cert.org/
>>>
>>> To subscribe to the CERT mailing list for advisories and bulletins,
>>> send email to majordomo@cert.org. Please include in the body of your
>>> message
>>>
>>> subscribe cert-advisory
>>>
>>> * "CERT" and "CERT Coordination Center" are registered in the U.S.
>>> Patent and Trademark Office.
>>> ______________________________________________________________________
>>>
>>> NO WARRANTY
>>> Any material furnished by Carnegie Mellon University and the Software
>>> Engineering Institute is furnished on an "as is" basis. Carnegie
>>> Mellon University makes no warranties of any kind, either expressed or
>>> implied as to any matter including, but not limited to, warranty of
>>> fitness for a particular purpose or merchantability, exclusivity or
>>> results obtained from use of the material. Carnegie Mellon University
>>> does not make any warranty of any kind with respect to freedom from
>>> patent, trademark, or copyright infringement.
>>> _________________________________________________________________
>>>
>>> Conditions for use, disclaimers, and sponsorship information
>>>
>>> Copyright 2003 Carnegie Mellon University.
>>>
>>> Revision History
>>>January 15, 2003: Initial release
>>>
>>>-----BEGIN PGP SIGNATURE-----
>>>Version: PGP 6.5.8
>>>
>>>iQCVAwUBPiW+92jtSoHZUTs5AQEncQQAsuYjk8gUeHb3Ch+dflrvDucfjy+EHy6E
>>>TAeG+Hc9VZjhzxnK8Fmk9bNW5HP9LOlzJG0xSlEOtfbbfUEikq5onPwIEz/w5CfG
>>>d9jse1JM7q+Di6C9NmRZG42CP4Y2a9YSHK2RT+o6B6kurg0DfQyir0AzrIvUReMC
>>>Pbev3WAZs8s=
>>>=yhDV
>>>-----END PGP SIGNATURE-----
>>>
>>>--
>>>Peter Valian
>>>Network & Systems Administrator
>>>Southwestern University
>>>Georgetown, Texas
>>>512.863.1586 office
>>>512.863.1605 fax
>>>--
>>>
>>>
>>>**********************************************************************
>>>To unsubscribe from this list, send an e-mail message to
>>>majordomo@southwestern.edu containing a single line with the words:
>>>unsubscribe netreg
>>>Send requests for assistance to: owner-netreg@southwestern.edu
>>>**********************************************************************
>>>
>>
>>
>>
>>
>> **********************************************************************
>> To unsubscribe from this list, send an e-mail message to
>> majordomo@southwestern.edu containing a single line with the words:
>> unsubscribe netreg
>> Send requests for assistance to: owner-netreg@southwestern.edu
>> **********************************************************************
>
>
>--
>Peter Valian
>Network & Systems Administrator
>Southwestern University
>Georgetown, Texas
>512.863.1586 office
>512.863.1605 fax
>--
>
>
>**********************************************************************
>To unsubscribe from this list, send an e-mail message to
>majordomo@southwestern.edu containing a single line with the words:
>unsubscribe netreg
>Send requests for assistance to: owner-netreg@southwestern.edu
>**********************************************************************
>
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:38 CDT