Bug 19501

Summary: ISC DHCP Root Exploit
Product: Base System Reporter: Cy Schubert <Cy.Schubert>
Component: binAssignee: David E. O'Brien <obrien>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-STABLE   
Hardware: Any   
OS: Any   

Description Cy Schubert 2000-06-25 16:20:00 UTC 
From BUGTRAQ:

	Date: Sat, 24 Jun 2000 02:28:58 -0700
	Reply-To: Ted Lemon <mellon@NOMINUM.COM>
	Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
	From: Ted Lemon <mellon@NOMINUM.COM>
	Subject: Possible root exploit in ISC DHCP client.
	To: BUGTRAQ@SECURITYFOCUS.COM
	Resent-To: cy@passer.osg.gov.bc.ca
	Resent-Date: Sat, 24 Jun 2000 12:15:21 -0700
	Resent-From: Cy Schubert <cschuber@osg.gov.bc.ca>
	
	Somebody at OpenBSD discovered a possible root exploit in the ISC DHCP
	client.  This exploit is present in all versions of the ISC DHCP
	client prior to 2.0pl1 and 3.0b1pl14, which I just released this
	evening.  Anybody who is using versions of the ISC DHCP client other
	than these is strongly urged to upgrade.  I would appreciate it if the
	OpenBSD people would take a look at the new version to see if they
	believe it is a complete fix, and let me know if it isn't.  In any
	case, thanks for catching the error!  I'm sorry I'm being so vague
	about how this got found, but I don't have time to read bugtraq
	anymore, so I was notified roughly fourth-hand.
	
	The ISC DHCP distribution is available at ftp://ftp.isc.org/isc/DHCP,
	and anonymous CVS at http://www.isc.org/products/DHCP/anoncvs.html.
	The head of the tree in anonymous CVS also contains the fix.
	
				       _MelloN_

Fix: 

Upgrade dhclient in base system to 2.0.pl1.
How-To-Repeat: 
N/A
Comment 1 nra freebsd_committer freebsd_triage 2000-07-23 21:01:21 UTC 
State Changed
From-To: open->closed


obrien has imported ISC 2.0 Patch Level 3 into -current and MFC'ed it to 
-stable.
Comment 2 nra freebsd_committer freebsd_triage 2000-07-23 21:01:21 UTC 
Responsible Changed
From-To: freebsd-bugs->obrien

obrien did the work.