Post by Kevin McAleavey on Apr 14, 2011 1:59:38 GMT -5
DHCP (Dynamic Host Control Protocol) is an important part of connectivity to the internet which allows client computers to automatically configure themselves and be assigned an IP address automatically from a server or a router to allow them to use internet services. A facility known as "dhclient" performs the automatic discovery and connection which allows seamless access to the internet without the need to manually configure an IP address by the end user.
We've received numerous emails to support regarding a recently discovered flaw in the ISC implementation of DHCP and its dhclient service which affects most versions of Linux and is described in this CERT bulletin: www.kb.cert.org/vuls/id/107886
Details can be found in documentation from the source of the dhcp and dhclient modules here: www.isc.org/software/dhcp/advisories/cve-2011-0997
Affected systems are listed here:
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux x86_64 -current
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux 11.0
Slackware Linux -current
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
MandrakeSoft Linux Mandrake 2010.1 x86_64
MandrakeSoft Linux Mandrake 2010.1
MandrakeSoft Linux Mandrake 2010.0 x86_64
MandrakeSoft Linux Mandrake 2010.0
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
ISC DHCPD 4.1.1
ISC DHCPD 3.1.1
ISC DHCPD 3.0.4
ISC DHCPD 3.0.1 rc9
+ Conectiva Linux Enterprise Edition 1.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
KNOS is not affected by this in any way, owing to its use of internal BSD kernel DHCP support; the ISC-DHCP "add-on" is neither required nor used in KNOS. Therefore, after extensive auditing of the core code in the FreeBSD kernel which handles all DHCP functions, there are no issues for users of KNOS. Updates have been provided by other Linux vendors such as Ubuntu and several others which must be updated by the end user to the latest patch levels according to whatever maintenance agreements may be in place. For those using Linux, check with your vendor to ensure that you have the latest version installed on your system as this vulnerability is rather serious. Again, these vulnerabilities do NOT affect KNOS in any way and no action is required by KNOS users.