Synopsis
The remote SUSE host is missing one or more security updates.
Description
This update for dhcp fixes the following issues :
- CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305)
The following bugs were fixed :
- bsc#936923: Improper lease duration checking
- bsc#880984: Integer overflows in the date and time handling code
- bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes
- bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly
- bsc#928390: dhclient dit not expose next-server DHCPv4 option to script
- bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 11-SP4 :
zypper in -t patch sdksp4-dhcp-12410=1
SUSE Linux Enterprise Software Development Kit 11-SP3 :
zypper in -t patch sdksp3-dhcp-12410=1
SUSE Linux Enterprise Server for VMWare 11-SP3 :
zypper in -t patch slessp3-dhcp-12410=1
SUSE Linux Enterprise Server 11-SP4 :
zypper in -t patch slessp4-dhcp-12410=1
SUSE Linux Enterprise Server 11-SP3 :
zypper in -t patch slessp3-dhcp-12410=1
SUSE Linux Enterprise Desktop 11-SP4 :
zypper in -t patch sledsp4-dhcp-12410=1
SUSE Linux Enterprise Desktop 11-SP3 :
zypper in -t patch sledsp3-dhcp-12410=1
SUSE Linux Enterprise Debuginfo 11-SP4 :
zypper in -t patch dbgsp4-dhcp-12410=1
SUSE Linux Enterprise Debuginfo 11-SP3 :
zypper in -t patch dbgsp3-dhcp-12410=1
To bring your system up-to-date, use 'zypper patch'.
Plugin Details
File Name: suse_SU-2016-0481-1.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:dhcp-client, p-cpe:/a:novell:suse_linux:dhcp, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:dhcp-relay, p-cpe:/a:novell:suse_linux:dhcp-server
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 2/16/2016
Vulnerability Publication Date: 1/14/2016