ISC Security Advisory: ISC DHCP Server Halt

[Larissa Shapiro]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ISC Security Advisory:  ISC DHCP Server Halt

Note: this advisory is now released to the public.

Summary: Two issues have been found in DHCP that could allow an
attacker to cause the server to halt.

Document ID: CVE-2011-2748, CVE-2011-2749

Document Version: 1.0

Document URL: http://www.isc.org/software/dhcp/advisories/cve-2011-2748

Posting date: 10 August, 2011

Program Impacted: DHCP

Versions affected: All End-of-Life versions of DHCP server are likely
to be affected and ISC recommends upgrading to supported versions.

3.1.0 through 3.1-ESV-R1 (R2 never released), 4.0 all versions (EOL),
4.1.0 through 4.1.2rc1, 4.1-ESV through 4.1-ESV-R3b1, 4.2.0 through
4.2.2rc1

Severity: High

Exploitable: Remotely

Description:
A pair of defects cause the server to halt upon processing certain
packets.
The patch is to properly discard or process those packets.

CVSS Score: 7.8

CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please
visit:http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C
<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=%28AV:N/AC:L/Au:N/C:N/I:N/A:C>)

Workarounds:
Limiting DHCP and Bootp packets to only within your administrative
domain will limit exposure.

Solution:
Upgrade to: 3.1-ESV-R3, 4.1-ESV-R3 or 4.2.2 (see
http://www.isc.org/software/dhcp/ for up to date software)
Please note that this is the last update to 3.1-ESV as it will be
End-of-Life after this release.

Exploit Status:
ISC received a report for one of the flaws and discovered the other
during testing. No public exploits using these bugs are known.

Acknowledgment:
Found by David Zych at University of Illinois

Document Revision History
1.0 27 July 2011 - Phase 1 disclosure
1.1 09 August 2011 - Phase 2 and 3 disclosures

References:
- - Do you have Questions? Questions regarding this advisory should go
to security-officer at isc.org <mailto:security-officer at isc.org>.
- - ISC Security Vulnerability Disclosure Policy: Details of our current
security advisory policy and practice can be found here:
https://www.isc.org/security-vulnerability-disclosure-policy

Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on an "AS
IS" basis. No warranty or guarantee of any kind is expressed in this
notice and none should be implied. ISC expressly excludes and
disclaims any warranties regarding this notice or materials referred
to in this notice, including, without limitation, any inferred
warranty of merchantability, fitness for a particular purpose, absence
of hidden defects, or of non-infringement. Your use of, or reliance
on, this notice or materials referred to in this notice is at your own
risk. ISC may change this notice at any time.

A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an uncontrolled
copy. Uncontrolled copies may lack important information, be out of
date, or contain factual errors.

- -- 
Larissa Shapiro
Internet Systems Consortium Product Manager
Technology Leadership for the Common Good
+1 650 423 1335
www.isc.org

- -- 
Larissa Shapiro
Internet Systems Consortium Product Manager
Technology Leadership for the Common Good
+1 650 423 1335
www.isc.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOQp5WAAoJEBOIp87tasiUPQEH/j/SH+8gcnZzqL6udjk9LHYf
98RYHue4yJbARBCHzORcjRO49nke2rdJ7nhuuuD5Nz8XY+J9mktqP/yjpiV3lKAE
8VLyEX/31rJm3F+9R/Q0F9s5oMAorZwrwFNyiQ0F60wuoLXpETdluUx57ty6p3Yz
Zkq6+kj6rs8PAbBZORguQmwZDP/lfpLhw9dlVr5bFKlWjvyrybSe9tdJ4Yp33PP2
fn3jSQKkiQm6RENCiCS4JuZs9In6bO/JQY+6up/JoDUGBnt5ii+wJ9+0Od7Vm9Uc
Z6Lb0Fs5oXlOwAOfQ/Ygg53ceYTNfU0b5ZmZSURi6n7XKwZLnzRJzRCu5pZ0MU8=
=EHFN
-----END PGP SIGNATURE-----