
U-224: ISC DHCP Multiple Denial of Service Vulnerabilities

July 31, 2012 - 7:00am


PROBLEM:

ISC DHCP Multiple Denial of Service Vulnerabilities

PLATFORM:

ISC DHCP versions before 4.1-ESV-R6 or 4.2.4-P1

ABSTRACT:

ISC DHCP is prone to multiple denial-of-service vulnerabilities.

REFERENCE LINKS:

BIND and DHCP Security Updates Released
Bugtraq ID: 54665
Secunia Advisory SA50018
CVE-2012-3571
CVE-2012-3570
CVE-2012-3954

IMPACT ASSESSMENT:

Medium

DISCUSSION:

Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests via a specially crafted packet.

2) An error when handling client identifiers when running in DHCPv6 mode can be exploited to cause a buffer overflow and crash the server via a specially crafted packet.

3) Two memory leak errors exist when processing messages and can be exploited to consume all memory and prevent the server from processing further requests by sending multiple requests to the server.

IMPACT:

An attacker can exploit these issues to cause the affected application to crash, resulting in a denial-of-service condition.

SOLUTION:

The vendor has issued a fix: update to version 4.1-ESV-R6 or 4.2.4-P1.
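
ISC version strings such as 4.1-ESV-R6 and 4.2.4-P1 do not sort correctly with generic version comparison, so the check below (an added example, not part of the original bulletin or of ISC's tooling) parses them explicitly and compares against the two fixed releases named above. The function name has_fix, the optional "isc-dhcpd-" prefix, and the handling of branches other than 4.1-ESV and 4.2 are assumptions of this example.

```python
import re

# Fixed releases from the SOLUTION section: 4.1-ESV-R6 and 4.2.4-P1.
FIXED_ESV_RELEASE = 6
FIXED_42 = (4, 1)  # (maintenance number, -P patch level) on the 4.2 branch

ESV_RE = re.compile(r"4\.1-ESV(?:-R(\d+))?")
# Optional alpha/beta/rc suffix is accepted and ignored (assumption).
STD_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:(?:a|b|rc)\d+)?(?:-P(\d+))?")
PREFIX = "isc-dhcpd-"  # assumed form of the daemon's self-reported version


def has_fix(version: str) -> bool:
    """True if an upstream ISC DHCP version is at or after a fixed release."""
    text = version.strip()
    if text.startswith(PREFIX):
        text = text[len(PREFIX):]
    esv = ESV_RE.fullmatch(text)
    if esv:
        # 4.1-ESV branch: compare the -R release number only.
        return int(esv.group(1) or 0) >= FIXED_ESV_RELEASE
    std = STD_RE.fullmatch(text)
    if not std:
        raise ValueError(f"unrecognised ISC DHCP version: {version!r}")
    major, minor, maint, patch = (int(g or 0) for g in std.groups())
    if (major, minor) != (4, 2):
        # Assumption: branches newer than 4.2 carry the fix; older ones
        # count as "before" the fixed releases and need an upgrade.
        return (major, minor) > (4, 2)
    return (maint, patch) >= FIXED_42


if __name__ == "__main__":
    # Constructed sample inventory, not data from the bulletin.
    for v in ("4.2.4", "4.2.4-P1", "4.1-ESV-R5", "4.1-ESV-R6", "4.1.2-P1"):
        print(f"{v:12} {'fixed' if has_fix(v) else 'UPDATE REQUIRED'}")
```

Distribution packages can backport fixes without changing the upstream version string, so a "not fixed" result for a packaged build should be confirmed against the distributor's own advisory.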
