COMMAND

    wide-dhcp

SYSTEMS AFFECTED

    OpenBSD

PROBLEM

    Oleg  Safiullin  found  following.    WIDE  DHCP  server   creates
    /tmp/addrpool_dump without checking  if this file  already exists,
    so any user can overwrite any file doing something like this:

        ln -s /etc/master.passwd /tmp/addrpool_dump

SOLUTION

    This  bug  already  fixed  in  OpenBSD  ports  tree.   If  you are
    currently using wide dhcp, you can fix this error by adding:

        unlink(ADDRPOOL_DUMP) before fopen(ADDRPOOL_DUMP, "w+")

    in files server/dhcps.c and server/database.c.