Linux suppliers have begun releasing fixes for two critical security bugs in a networking component that could allow a denial-of-service attack or enable an attacker to take control of a system.
The problem is with the Internet Systems Consortium's Dynamic Host Configuration Protocol (DHCP) 3 application, shipped with many Linux and Unix operating system distributions as a tool for transmitting configuration information across a network.
Researchers discovered two flaws in the application that could allow a malicious user to crash systems running the DHCP server.
The bugs mean that many Unix and Linux systems will be vulnerable at least to a denial-of-service attack, and possibly to more serious threats, researchers said.
However, security firm Secunia said that in most cases only users on the local network will be able to exploit the bugs. Only two versions of DHCP 3 are believed to be vulnerable, specifically version 3.0.1, release candidates (rc) 12 and 13. Earlier versions do not include the vulnerable code, and rc14 eliminates the problem, according to researchers at the US Department of Homeland Security.
"All versions of ISC DHCP 3, including all snapshots, betas, and release candidates, contain the flawed code," said Jason Rafail, researcher at the US Computer Emergency Readiness Team (US-Cert), part of Homeland Security.
Both bugs involve buffer overflows; the first, involving the way log lines are stored, can be exploited on any operating system, while the second is only exploitable on a more limited range of systems including AIX, HP-UX and Linux, according to US-Cert's advisory.
Linux suppliers including SuSE and MandrakeSoft have released patches fixing the versions of DHCP 3 included in their distributions.
Security problems are not new to DHCP. In January 2003, a version of ISC's DHCP 3 included in Red Hat and SuSE Linux distributions was found to allow remote users to take control of systems.
In December last year, Apple Computer fixed a bug in Mac OS X's implementation of DHCP which could have allowed full access by a remote or local user. As Linux continues to grow in popularity and market share, security researchers and potential attackers are increasing their scrutiny of the operating system's underlying code, with the result that more problems are inevitably coming to light, say industry observers.