Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)

medium Nessus Plugin ID 50682

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

- Thu Nov 4 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-27.P1

- Fix for CVE-2010-3611 (#649880)

- Wed Oct 13 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-26.P1

- Server was ignoring client's Solicit (where client included address/prefix as a preference) (#634842)

- Tue Sep 7 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-25.P1

- Hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO

- Fri Aug 20 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-24.P1

- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay

- Tue Jun 29 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-23.P1

- Fix parsing of date (#514828)

- Thu Jun 3 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-22.P1

- 4.1.1-P1 (pair of bug fixes including one for a security related bug).

- Fix for CVE-2010-2156 (#601405)

- Compile with -fno-strict-aliasing

- N-V-R (copied from bind.spec):
Name-Version-Release.Patch.dist

- Mon May 3 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-21

- Fix the initialization-delay.patch (#587070)

- Thu Apr 29 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-20

- Cut down the 0-4 second delay before sending first DHCPDISCOVER (#587070)

- Wed Apr 28 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-19

- Move /etc/NetworkManager/dispatcher.d/10-dhclient script from dhcp to dhclient subpackage (#586999).

- Wed Apr 28 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-18

- Add domain-search to the list of default requested DHCP options (#586906)

- Wed Apr 21 2010 Jiri Popelka <jpopelka at redhat.com>
- 12:4.1.1-17

- If the Reply was received in response to Renew or Rebind message, client adds any new addresses in the IA option to the IA (#578097)

- Mon Apr 19 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-16

- Fill in Elapsed Time Option in Release/Decline messages (#582939)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected dhcp package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=649877

http://www.nessus.org/u?05939a43

Plugin Details

Severity: Medium

ID: 50682

File Name: fedora_2010-17303.nasl

Version: 1.13

Type: local

Agent: unix

Published: 11/23/2010

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:dhcp, cpe:/o:fedoraproject:fedora:13

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/5/2010

Reference Information

CVE: CVE-2010-3611

BID: 44615

FEDORA: 2010-17303