ISC DHCP: Multiple vulnerabilities — GLSA 201804-05

Multiple vulnerabilities have been found in ISC DHCP, the worst of which could allow for the remote execution of arbitrary code.

Affected packages

net-misc/dhcp on all architectures
Affected versions < 4.3.6_p1
Unaffected versions >= 4.3.6_p1

Background

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

Description

Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts.

Workaround

There are no known workarounds at this time for CVE-2018-5732 or CVE-2018-5733.

In accordance with upstream documentation, the recommended workaround for CVE-2017-3144 is, β€œto disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation).”

Resolution

All DHCP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.3.6_p1"
 

References

Release date
April 08, 2018

Latest revision
April 08, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries