DHCP: Fencepost error on zero-length client identifier

Summary: 
A request from a client containing a zero length client id will cause the server to exit.
CVE: 
CVE-2010-2156
CERT: 
VU#541921
Posting date: 
01 Jun 2010
Program Impacted: 
DHCP
Versions affected: 
4.0.x, 4.1.x, 4.2.x
Severity: 
High
Exploitable: 
remotely
Description: 

A request from a client containing a zero length client id will cause the server to exit.

Impact:
The DHCP server will exit upon receipt of a request containing a zero length client ID, necessitating a restart.

Workarounds: 

Some defense against this may be achieved by restricting packets to servers, but only an upgrade provides a complete solution.

Active exploits: 
None known at this time.
Solution: 

Upgrade DHCP to one of the following: 4.1.1-P1 or 4.0.2-P1.

There are no plans for fixes for affected versions of DHCP previous to 4.1.1 and 4.0.2 of the 4.x branches, and please note that version 3.1.x is not affected.

The patch will be included in the next beta release for 4.2.0.

Questions should be addressed to dhcp-bugs@isc.org.

Share this