Now Available DHCP 4.2.3-P1 and DHCP 4.1-ESV-R4 Notice: ISC DHCP Security Advisory 7 Dec CVE-2011-4539

Susan Graves sgraves at isc.org
Wed Dec 7 21:32:42 UTC 2011


The Release notes for 4.2.3-P1 is here:
https://deepthought.isc.org/article/AA-00565
for 4.1-ESV-R4 is here: https://deepthought.isc.org/article/AA-00566
------------------------------------
Title:  DHCP Regular Expressions Segfault

Summary: Segmentation fault from dhcpd while processing an evaluated
regular expression

CVE: CVE-2011-4539

Document Version: 1.2

Document url: https://www.isc.org/software/bind/advisories/cve-2011-4539

Posting date: 30 November 2011

Program Impacted: DHCP

Versions affected: 4.0.x and higher, including all EOL versions
                   back to 4.0, 4.1-ESV, and 4.2.x

Severity: Medium

Exploitable: Remotely

Description:
  A bug exists which allows an attacker who is able to send DHCP
  Request packets, either directly or through a relay, to remotely
  crash an ISC DHCP server if that server is configured to evaluate
  expressions using a regular expression (i.e. uses the "~=" or "~~"
  comparison operators.) Further details are being withheld to allow
  administrators of affected systems time to patch. You are potentially
  vulnerable if you use regular expression comparison operators in
  your dhcpd.conf

CVSS Score: 6.1

CVSS Equation: AV:N/AC:L/Au:N/C:N/I:N/A:C

  For more information on the Common Vulnerability Scoring System and
  to obtain your specific environmental score please visit:

http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)


Workarounds:
  This bug cannot be triggered if you are not using regular expressions
  in your configuration file.

Solution:
  Upgrade to 4.1-ESV-R4 or 4.2.3-P1
  Download patched versions from the following location:
http://www.isc.org/software/dhcp

Exploit Status: No known active exploits

Acknowledgment:

  Thank you to BlueCat Networks for finding and testing the issue.

Document Revision History
1.0 30 November 2011 - Phase I notified
1.1 6 December 2011 - Phase II & III notified
1.2  7 December 2011 - Public Release

Document URL: to be posted with public release

References:
- Do you have Questions? Questions regarding this advisory should
  go to security-officer at isc.org.

- ISC Security Vulnerability Disclosure Policy: Details of our
  current security advisory policy and practice can be found here:
  https://www.isc.org/security-vulnerability-disclosure-policy

Legal Disclaimer:
  Internet Systems Consortium (ISC) is providing this notice on an
  "AS IS" basis. No warranty or guarantee of any kind is expressed
  in this notice and none should be implied. ISC expressly excludes
  and disclaims any warranties regarding this notice or materials
  referred to in this notice, including, without limitation, any
  inferred warranty of merchantability, fitness for a particular
  purpose, absence of hidden defects, or of non-infringement. Your
  use of, or reliance on, this notice or materials referred to in
  this notice is at your own risk. ISC may change this notice at any
  time.

  A stand-alone copy or paraphrase of the text of this document
  that omits the distribution URL in the following section is an
  uncontrolled copy. Uncontrolled copies may lack important
  information, be out of date, or contain factual errors.




More information about the dhcp-announce mailing list