store_options: Invalid first cutoff
David Zych
dmrz at illinois.edu
Mon Jun 27 17:05:31 UTC 2011
I'm running two dhcpd 3.1.3 servers in a failover pair. Recently they both exited unexpectedly at exactly the same moment, and the last thing in the syslog output (from both servers) was:
2011-06-24T17:09:07-05:00 dhcpd: BOOTREQUEST from (mac redacted) via (router ip redacted)
2011-06-24T17:09:07-05:00 dhcpd: options.c:841:store_options: Invalid first cutoff.
2011-06-24T17:09:07-05:00 dhcpd:
2011-06-24T17:09:07-05:00 dhcpd: If you did not get this software from ftp.isc.org, please
[...snip...]
2011-06-24T17:09:07-05:00 dhcpd: the README file.
2011-06-24T17:09:07-05:00 dhcpd:
2011-06-24T17:09:07-05:00 dhcpd: exiting.
Log messages prior to that indicate that they were happily granting leases. When I manually restarted dhcpd it came back up with no problems.
In anyone aware of a known overflow vulnerability in dhcpd 3.1.3 from a malformed BOOTREQUEST or anything like that? I read the changelog for 3.1-ESV-R1 to see what had changed since 3.1.3 and nothing jumped out at me, and searching the web for the error text did not shed any light either.
Unfortunately this is a vendor appliance so I can't easily upgrade to the ESV, but from the changelog it's not obvious to me that that would make a difference anyway; right now my objective is to figure out whether I'm dealing with a "fluke" situation or something that could recur at any moment if another suitably malicious/broken client appears.
Thanks,
David
More information about the dhcp-users
mailing list