[Am-info] CERT Warns Of New Security Flaw
Fred A. Miller
fm@cupserv.org
Thu, 9 May 2002 09:53:52 -0400
CERT Warns Of New Security Flaw
The CERT Coordination Center is warning of a potentially serious
security vulnerability that could let a remote hacker run code on
Dynamic Host Configuration Protocol Daemon (DHCPD) servers.
The DHCPD, used to allocate network addresses and assign
configuration parameters to hosts, is provided by the Internet
Software Consortium. The vulnerability, revealed late Wednesday,
is in the way the DHCP server processes an acknowledgement
response sent by domain name system servers. More information can
be found in CERT Advisory CA-2002-12 at
http://update.informationweek.com/cgi-bin4/flo?y=eHIr0Bce7K0V20Bcc20Aq .
The CERT advisory warns that some of the mitigation steps it
recommends "may have significant impact on your normal network
operations." CERT advises users to apply vendor patches, if
available.
Potentially vulnerable systems include ISC DHCPD 3.0 to 3.0.1rc8.
Networking vendors Alcatel and Conectiva say they'll provide
fixes for affected systems. CERT says F5 Networks, IBM, Lotus,
Microsoft, NetBSD, and Silicon Graphics aren't affected. - George
V. Hulme
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
--- SuSE Linux v8.0 Pro---