Good to see the local FBI communicating...

Geo

-----Original Message-----
From: SA Phil R. Slinkard [mailto:pslinkar@private]
Sent: Friday, January 24, 2003 7:47 AM
To: George Heuston
Subject: CERT Advisory CA-2003-01 Buffer Overflows in ISC DHCPD Minires Library

This is to advise those of you who may not be aware of the recent CERT/CC advisory concerning a vulnerability in the ISC version of DHCP which could result in a remote attacker compromising systems and executing malicious code. If you are running this version of DHCP, you are encouraged to review the CERT Advisory and patch systems to prevent exploitation of the vulnerability and compromise of your systems. The details contained in the advisory can be accessed at http://www.cert.org <http://www.cert.org/>.

Original release date: January 15, 2003
Last revised: January 20, 2003
Source: CERT/CC

Systems Affected

Systems running ISC DHCPD versions 3.0 through 3.0.1RC10, inclusive.
For detailed vendor status information, see VU#284857

Overview

The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we're not aware of any exploits.

Phil R. Slinkard
Special Agent
Cyber Crime Division - Portland
Federal Bureau of Investigation
Wk: (503) 552-5290
Page: (503) 301-1236
Email: pslinkar@private
This archive was generated by hypermail 2b30 : Fri Jan 24 2003 - 09:37:02 PST