From Cy.Schubert@uumail.gov.bc.ca  Sun Jun 25 08:14:45 2000
Return-Path: <Cy.Schubert@uumail.gov.bc.ca>
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 9942537BCC9
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 25 Jun 2000 08:14:44 -0700 (PDT)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id IAA30830
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 25 Jun 2000 08:14:44 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda30826; Sun Jun 25 08:14:30 2000
Received: (from cschuber@localhost)
	by passer.osg.gov.bc.ca (8.9.3/8.9.1) id IAA17870;
	Sun, 25 Jun 2000 08:14:30 -0700 (PDT)
Message-Id: <200006251514.IAA17870@passer.osg.gov.bc.ca>
Date: Sun, 25 Jun 2000 08:14:30 -0700 (PDT)
From: Cy.Schubert@uumail.gov.bc.ca
Reply-To: Cy.Schubert@uumail.gov.bc.ca
To: FreeBSD-gnats-submit@freebsd.org
Subject: Possible root exploit in ISC DHCP client.
X-Send-Pr-Version: 3.2

>Number:         19501
>Category:       bin
>Synopsis:       ISC DHCP Root Exploit
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    obrien
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 25 08:20:00 PDT 2000
>Closed-Date:    Sun Jul 23 13:01:21 PDT 2000
>Last-Modified:  Sun Jul 23 13:03:02 PDT 2000
>Originator:     Cy Schubert
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
UNIX Group, ITSD, ISTA, Province of BC
>Environment:

FreeBSD passer 4.0-STABLE FreeBSD 4.0-STABLE #0: Fri Jun 23 13:38:31 PDT 2000     root@:/opt/cvs-400s-000620/src/sys/compile/PASSER  i386

>Description:

From BUGTRAQ:

	Date: Sat, 24 Jun 2000 02:28:58 -0700
	Reply-To: Ted Lemon <mellon@NOMINUM.COM>
	Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
	From: Ted Lemon <mellon@NOMINUM.COM>
	Subject: Possible root exploit in ISC DHCP client.
	To: BUGTRAQ@SECURITYFOCUS.COM
	Resent-To: cy@passer.osg.gov.bc.ca
	Resent-Date: Sat, 24 Jun 2000 12:15:21 -0700
	Resent-From: Cy Schubert <cschuber@osg.gov.bc.ca>
	
	Somebody at OpenBSD discovered a possible root exploit in the ISC DHCP
	client.  This exploit is present in all versions of the ISC DHCP
	client prior to 2.0pl1 and 3.0b1pl14, which I just released this
	evening.  Anybody who is using versions of the ISC DHCP client other
	than these is strongly urged to upgrade.  I would appreciate it if the
	OpenBSD people would take a look at the new version to see if they
	believe it is a complete fix, and let me know if it isn't.  In any
	case, thanks for catching the error!  I'm sorry I'm being so vague
	about how this got found, but I don't have time to read bugtraq
	anymore, so I was notified roughly fourth-hand.
	
	The ISC DHCP distribution is available at ftp://ftp.isc.org/isc/DHCP,
	and anonymous CVS at http://www.isc.org/products/DHCP/anoncvs.html.
	The head of the tree in anonymous CVS also contains the fix.
	
				       _MelloN_


>How-To-Repeat:

N/A

>Fix:

Upgrade dhclient in base system to 2.0.pl1.


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: nra 
State-Changed-When: Sun Jul 23 13:01:21 PDT 2000 
State-Changed-Why:  

obrien has imported ISC 2.0 Patch Level 3 into -current and MFC'ed it to 
-stable. 



Responsible-Changed-From-To: freebsd-bugs->obrien 
Responsible-Changed-By: nra 
Responsible-Changed-When: Sun Jul 23 13:01:21 PDT 2000 
Responsible-Changed-Why:  
obrien did the work. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19501 
>Unformatted:
