Several potentially serious security flaws exist in the Internet Software Consortium’s Dynamic Host Configuration Protocol software, which is shipped as part of several operating systems, the CERT Coordination Center warned Thursday.

In an internal audit, ISC discovered multiple buffer overflow flaws in Versions 3.0 through 3.0.1RC10 of its DHCP product, according to a CERT advisory.

The flaws lie in a feature of ISC’s DHCP product that allows the DHCP server to automatically update a DNS server. An attacker could take over an affected system by sending a DHCP message containing a large hostname, according to CERT.

The ISC DHCP software ships as part of products from Red Hat and SuSE Linux AG; the vulnerability status of many other vendors is still unknown, CERT said. Red Hat already has a patch available; SuSE is working on a software update, according to CERT.

DHCP software is used to automatically assign users IP addresses when they sign on to a network. Typically a DHCP server is not accessible externally, limiting the threat of attacks.

ISC, which also provides the widely used BIND DNS software, has released an update fixing the DHCP flaws. CERT maintains a list of vendors whose software could contain the ISC software and may also be vulnerable.

The CERT advisory is at: http://www.cert.org/advisories/CA-2003-01.html