(OpenBSD Issues Fix) ISC DHCP Can Be Crashed By Remote Users with a Specially Crafted DHCPOFFER Packet
SecurityTracker Alert ID: 1016758
SecurityTracker URL: http://securitytracker.com/id/1016758
CVE Reference:
CVE-2006-3122
Date: Aug 25 2006
Impact:
Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2.0pl5
Description:
A vulnerability was reported in ISC DHCP. A remote user can cause denial of service conditions.
A remote user can send a specially crafted DHCPOFFER packet that is exactly 32 bytes long to cause the target DHCP service to crash.
The flaw resides in the supersede_lease() function in memory.c, where an off-by-one error in the length check on the client identifier lets a 32-byte identifier pass a boundary it should not.
DHCP version 3 servers are not affected.
Andrew Steets reported this vulnerability on July 28, 2006.
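The trigger condition described above (a client identifier option of exactly 32 bytes, as the OpenBSD fix notice in this entry states), as an added detection example that is not part of this advisory or of ISC's code: a small parser walks the option area of a DHCP message and flags a 32-byte option 61. Option codes 53 (message type) and 61 (client identifier) are the standard DHCP values; the message layout, the 32-byte buffer size taken from the advisory, and the sample packets are constructed here.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"        # magic cookie that starts the option area
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_CLIENT_ID = 53, 61     # standard DHCP option codes
DHCPDISCOVER, DHCPOFFER = 1, 2
UID_BUF_LEN = 32                         # inline client-identifier buffer size named by the advisory

def parse_options(payload):
    """Return {code: value} for the options of a BOOTP/DHCP payload.
    The fixed BOOTP header is 236 bytes and is followed by the magic cookie."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def matches_cve_2006_3122_trigger(payload):
    """True when the message carries a client identifier (option 61) that is
    exactly UID_BUF_LEN bytes long, the boundary case the advisory describes."""
    cid = parse_options(payload).get(OPT_CLIENT_ID)
    return cid is not None and len(cid) == UID_BUF_LEN

def build_message(msg_type, client_id):
    """Constructed sample message (not a capture): minimal BOOTP header plus options."""
    header = bytearray(236)
    header[0] = 1                         # op = BOOTREQUEST
    header[1], header[2] = 1, 6           # htype Ethernet, hlen 6
    header[4:8] = struct.pack("!I", 0x12345678)  # xid, arbitrary sample value
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_CLIENT_ID, len(client_id)])
    return bytes(header) + DHCP_MAGIC + options + client_id + bytes([OPT_END])
```

A monitor that sees this condition on a server still running the affected 2.0 code base can alert on it; once the vendor patch is applied the same input is handled without a crash.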
Impact:
A remote user can cause the DHCP service to crash.
Solution:
OpenBSD has issued the following fixes:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/011_dhcpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/006_dhcpd.patch
Vendor URL: www.isc.org/sw/dhcp/
Cause:
Exception handling error
Underlying OS:
UNIX (OpenBSD)
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Fri, 25 Aug 2006 12:39:24 -0400
Subject: OpenBSD vulnerability
SECURITY FIX: August 25, 2006 All architectures
Due to an off-by-one error in dhcpd(8), it is possible to cause dhcpd(8) to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. CVE-2006-3122
A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/006_dhcpd.patch