Debian Bug report logs - #621099
isc-dhcp-client: CVE-2011-0997


Package: isc-dhcp-client; Maintainer for isc-dhcp-client is Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>; Source for isc-dhcp-client is src:isc-dhcp.

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Wed, 6 Apr 2011 14:48:40 UTC

Severity: critical

Tags: security

Found in version isc-dhcp/4.1.1-P1-16

Fixed in version isc-dhcp/4.1.1-P1-16.1

Done: Michael Gilbert <michael.s.gilbert@gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#621099; Package isc-dhcp-client. (Wed, 06 Apr 2011 14:48:43 GMT)

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Wed, 06 Apr 2011 14:48:47 GMT)

Message #5 received at submit@bugs.debian.org:

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: isc-dhcp-client: CVE-2011-0997
Date: Wed, 06 Apr 2011 14:19:41 +0200
Package: isc-dhcp-client
Version: 4.1.1-P1-16
Severity: critical
Tags: security
Justification: root security hole


Hi.

CVE-2011-0997 has been found (http://www.isc.org/software/dhcp/advisories/cve-2011-0997),
which allows a DHCP server to execute shell commands on the clients.

Cheers,
Chris.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#621099; Package isc-dhcp-client. (Sat, 09 Apr 2011 20:15:58 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Sat, 09 Apr 2011 20:16:00 GMT)

Message #10 received at 621099@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 621099@bugs.debian.org
Subject: re: isc-dhcp-client: CVE-2011-0997
Date: Sat, 9 Apr 2011 12:25:25 -0400
I've prepared an NMU to fix this issue.  Attached is the debdiff.  Note
that I also had to fix the FTBFS, bug #602312.

I'm going to look for a sponsor to upload this, but if you want to
take care of it yourself, that won't be necessary:
http://mentors.debian.net/debian/pool/main/i/isc-dhcp

Note that this is a high urgency security issue.

Best wishes,
Mike
[isc-dhcp.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#621099; Package isc-dhcp-client. (Sun, 10 Apr 2011 01:57:09 GMT)

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Sun, 10 Apr 2011 01:57:09 GMT)

Message #15 received at 621099@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: apollock@debian.org
Cc: 621099@bugs.debian.org
Subject: ISC DHCP security issue
Date: Sat, 9 Apr 2011 18:26:51 +0200
Hi Andrew,

Are you able to work on this issue? It's always most helpful if the regular 
maintainer of a package is involved in security updates.


Cheers,
Thijs




Reply sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
You have taken responsibility. (Sun, 10 Apr 2011 17:43:15 GMT)

Notification sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Bug acknowledged by developer. (Sun, 10 Apr 2011 17:43:15 GMT)

Message #20 received at 621099-close@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 621099-close@bugs.debian.org
Subject: Bug#621099: fixed in isc-dhcp 4.1.1-P1-16.1
Date: Sun, 10 Apr 2011 17:18:39 +0000
Source: isc-dhcp
Source-Version: 4.1.1-P1-16.1

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive:

dhcp3-client_4.1.1-P1-16.1_all.deb
  to main/i/isc-dhcp/dhcp3-client_4.1.1-P1-16.1_all.deb
dhcp3-common_4.1.1-P1-16.1_all.deb
  to main/i/isc-dhcp/dhcp3-common_4.1.1-P1-16.1_all.deb
dhcp3-dev_4.1.1-P1-16.1_all.deb
  to main/i/isc-dhcp/dhcp3-dev_4.1.1-P1-16.1_all.deb
dhcp3-relay_4.1.1-P1-16.1_all.deb
  to main/i/isc-dhcp/dhcp3-relay_4.1.1-P1-16.1_all.deb
dhcp3-server_4.1.1-P1-16.1_all.deb
  to main/i/isc-dhcp/dhcp3-server_4.1.1-P1-16.1_all.deb
isc-dhcp-client-dbg_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-client-dbg_4.1.1-P1-16.1_amd64.deb
isc-dhcp-client-udeb_4.1.1-P1-16.1_amd64.udeb
  to main/i/isc-dhcp/isc-dhcp-client-udeb_4.1.1-P1-16.1_amd64.udeb
isc-dhcp-client_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-client_4.1.1-P1-16.1_amd64.deb
isc-dhcp-common_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-common_4.1.1-P1-16.1_amd64.deb
isc-dhcp-dev_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-dev_4.1.1-P1-16.1_amd64.deb
isc-dhcp-relay-dbg_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-relay-dbg_4.1.1-P1-16.1_amd64.deb
isc-dhcp-relay_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-relay_4.1.1-P1-16.1_amd64.deb
isc-dhcp-server-dbg_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-server-dbg_4.1.1-P1-16.1_amd64.deb
isc-dhcp-server-ldap_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-server-ldap_4.1.1-P1-16.1_amd64.deb
isc-dhcp-server_4.1.1-P1-16.1_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-server_4.1.1-P1-16.1_amd64.deb
isc-dhcp_4.1.1-P1-16.1.diff.gz
  to main/i/isc-dhcp/isc-dhcp_4.1.1-P1-16.1.diff.gz
isc-dhcp_4.1.1-P1-16.1.dsc
  to main/i/isc-dhcp/isc-dhcp_4.1.1-P1-16.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 621099@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilbert@gmail.com> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 09 Apr 2011 10:57:14 -0400
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg dhcp3-server dhcp3-client dhcp3-relay dhcp3-common dhcp3-dev
Architecture: source amd64 all
Version: 4.1.1-P1-16.1
Distribution: unstable
Urgency: high
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Michael Gilbert <michael.s.gilbert@gmail.com>
Description: 
 dhcp3-client - ISC DHCP server (transitional package)
 dhcp3-common - ISC DHCP common files (transitional package)
 dhcp3-dev  - ISC DHCP development files (transitional package)
 dhcp3-relay - ISC DHCP relay (transitional package)
 dhcp3-server - ISC DHCP server (transitional package)
 isc-dhcp-client - ISC DHCP client
 isc-dhcp-client-dbg - ISC DHCP client (debugging symbols)
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all the isc-dhcp* packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-relay-dbg - DHCP relay daemon (debugging symbols)
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (debug)
 isc-dhcp-server-ldap - DHCP server able to use LDAP as backend
Closes: 602312 621099
Changes: 
 isc-dhcp (4.1.1-P1-16.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix cve-2011-0997: remote code execution vulnerability in dhclient
     (closes: #621099).
   * Fix ftbfs with 'ld --no-as-needed' (closes: #602312).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk2h4uAACgkQHYflSXNkfP8KyQCfU/o5zb+cQgOGpHpV0eKBZShd
clkAn0ULF1Jd8FujJS6cvPxmZdmKVvX0
=5vTL
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 17 May 2011 08:07:19 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 21:45:30 2014; Machine Name: buxtehude.debian.org
