Bugzilla – Attachment 21301 Details for Bug 56975
VUL-0: CVE-2004-0461: dhcp: remote buffer overflow
and another CERT mail
2004-06-17_1.txt (text/plain), 3.87 KB, created by Thomas Biege on 2004-06-17 16:55:37 UTC
>If you haven't already, you should contact ISC. Their public key for this issue is below.
>
>Since you get stuff from CERT, please ask them to send you notices on this issue directly to you, in case I miss forwarding one to you - we've ascertained that the home-brew DHCP server on NetWare 5 is not likely affected by this bug.
>
>*** PGP SIGNATURE VERIFICATION ***
>*** Status: Good Signature from Invalid Key
>*** Alert: Please verify signer's key before trusting signature.
>*** Signer: CERT Coordination Center <cert@cert.org> (0xFF755015)
>*** Signed: 6/16/2004 11:27:32 AM
>*** Verified: 6/16/2004 9:51:35 PM
>*** BEGIN PGP DECRYPTED/VERIFIED MESSAGE ***
>
>Hello,
>
>I realized that the tarball contains only the new distribution, and not patches. I realized this after I sent it, but I wanted to get out what we had as soon as possible given the time constraints.
>
>Note that last night, we were able to negotiate a later release date in order to provide vendors with time to develop and test patches.
>
>We are going to recommend next Tuesday, June 22 @ 2pm but this is not finalized. If you feel that you will require more time than this, please let us know and we will try to work this out. ISC has stated that vendors can contact them at dhcp@isc.org to discuss their dhcp vulnerability/disclosure/patch/upgrade situation using the pgp key provided below for this address. As always, we are willing to act as a proxy in this matter should you decide to use us.
>
>I will be sending a round of mail as a confirmation once we finalize the release date.
>
>I called ISC and I asked the ISC DHCP developer to send us the patches for distribution if possible. They do not have clean stand alone patches, but he said that the diff between DHCP-3.0.1rc13 and the tarball DHCP-3.0.1, will provide the changes. Note that most of the changes are to the copyright notices. I also recommend diff'ing your distribution with the tarball to help determine the changes. If we receive patches from ISC, we will pass those along.
>
>Again, remember that while the flawed code exists in prior versions, it doesn't appear that either of these vulnerabilities is exploitable in versions other than DHCP-3.0.1rc12 and DHCP-3.0.1rc13.
>
>Thanks for your coordination and patience on this.
>
>Here is the pgp key provided for mail to dhcp@isc.org:
>
>*** END PGP DECRYPTED/VERIFIED MESSAGE ***
>
>
>Thank you,
> Jason Rafail
>
>==============================
>Member of the Technical Staff
>CERT Coordination Center
>Software Engineering Institute
>Carnegie Mellon University
>4500 Fifth Avenue
>Pittsburgh, PA 15213
>1-412-268-7090
>==============================