From: Erick Mechler
To: Andrés Vargas
Cc: freebsd-security@FreeBSD.ORG
Date: Wed, 22 Jan 2003 14:32:15 -0800
Subject: Re: ISC DHCPD NSUPDATE Buffer Overflow Vulnerabilities
Message-ID: <20030122223215.GN3893@techometer.net>

:: The following advisory indicates FreeBSD 4.1-4.5 are affected.
::
:: http://securityresponse.symantec.com/avcenter/security/Content/6627.html
::
:: I have not seen any comments in this security list. Am I missing something?

DHCP isn't part of the base system, so FreeBSD is only vulnerable if you've installed the port. A fix was committed to the ports tree 6 days ago by Kris, updating the DHCP port to 3.0.1.r11. If you're using the DHCP port, use your method of choice to upgrade.

http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/isc-dhcp3/

Security advisories for 3rd party packages (i.e., ports) are issued in bundles, and have the "FreeBSD-SN" prefix (SN == Security Notice). See http://www.freebsd.org/security/#adv for more information.

Cheers - Erick