From: Patrick Lamaiziere
To: freebsd-security@freebsd.org
Date: Wed, 20 Apr 2011 09:31:27 +0200
Subject: Re: dhclient and CVE-2011-0997...?

On Tue, 19 Apr 2011 10:19:46 -0700, Chuck Swiger wrote:

> Hi--
>
> Are folks familiar with:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
> http://www.isc.org/software/dhcp/advisories/cve-2011-0997
> http://nakedsecurity.sophos.com/2011/04/07/flaw-in-iscs-dhclient-could-allow-remote-code-execution/
>
> Checking
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/dhclient/dhclient.c, I
> don't see signs that it may have been updated. But, I also can't
> readily tell which version of dhclient FreeBSD actually has and how
> much it might have been changed from the ISC version. :-)

FreeBSD uses the OpenBSD dhclient, not the ISC one.

Regards.