DHCP Security Advisory 12 December 2012, CVE-2011-4868

Michael McNally mcnally at isc.org
Thu Jan 12 22:41:09 UTC 2012


This is a security advisory for users of ISC DHCP software.
The original advisory can be found on the ISC web site at:
https://www.isc.org/software/dhcp/advisories/cve-2011-4868

In coordination with this announcement, ISC is releasing
DHCP 4.2.3-P2 to correct the error condition which is
described in the advisory.  Please review the advisory to
see whether you are running a vulnerable version and using
features which expose the vulnerability and upgrade if
necessary.  Release notes for DHCP 4.2.3-P2 can be found at:
https://deepthought.isc.org/article/AA-00595

----

Title:

   An Error in DDNS Processing of DHCPv6 Leases Can Cause a
   Crash in ISC dhcpd

Summary:

   Improper handling of Dynamic DNS information associated with
   DHCPv6 leases can cause a segmentation fault in ISC DHCP servers
   using IPv6 and Dynamic DNS, resulting in denial of service to
   clients.

Document ID:  1.2

CVE: CVE-2011-4868

Document Version: 1.0

Posting date: 12 January 2012

Program Impacted: ISC DHCP

Versions affected: 

   4.2.2, 4.2.3, 4.2.3-P1.
   Version 4.2.1 and previous are not vulnerable.

Severity: High

Exploitable: Remotely

Description:

   Due to improper handling of a DHCPv6 lease structure, ISC DHCP
   servers that are serving IPv6 address pools AND using Dynamic
   DNS can encounter a segmentation fault error while updating
   lease status under certain conditions. The potential exists for
   this condition to be intentionally triggered, resulting in
   effective denial of service to clients expecting service from
   the affected server. Users of affected versions who use DHCPv6
   and Dynamic DNS should upgrade to version 4.2.3-P2.

CVSS Score: 6.1

CVSS Equation:

   For more information on the Common Vulnerability Scoring System and to
   obtain your specific environmental score please visit:
   http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=%28AV:A/AC:L/Au:N/C:N/I:N/A:C%29

Workarounds:

   No known workarounds, please upgrade.
   Note: Your server is not vulnerable to this condition if:
   - you are not running an affected version of ISC DHCP, or
   - you are not using Dynamic DNS, or
   - you are not issuing DHCPv6 leases

Solution:

   Upgrade to ISC DHCP 4.2.3-P2. This can be downloaded from:
   http://www.isc.org/software/dhcp

Exploit Status: No known active exploits

Acknowledgment:

   ISC would like to thank Jasper Jongmans for finding and reporting
   this issue.

Document Revision History:

   1.0 05 January 2012 - Phase I notified
   1.1 11 January 2012 - Phase II & III notified
   1.2 12 January 2012 - Public Release

References:

- Do you have Questions? Questions regarding this advisory should go to
security-officer at isc.org.

- ISC Security Vulnerability Disclosure Policy: Details of our current
security advisory policy and practice can be found here:
https://www.isc.org/security-vulnerability-disclosure-policy

Legal Disclaimer:

Internet Systems Consortium (ISC) is providing this notice on an
"AS IS" basis. No warranty or guarantee of any kind is expressed
in this notice and none should be implied. ISC expressly excludes
and disclaims any warranties regarding this notice or materials
referred to in this notice, including, without limitation, any
inferred warranty of merchantability, fitness for a particular
purpose, absence of hidden defects, or of non-infringement. Your
use of, or reliance on, this notice or materials referred to in
this notice is at your own risk. ISC may change this notice at any
time.

A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an uncontrolled
copy. Uncontrolled copies may lack important information, be out
of date, or contain factual errors.



More information about the dhcp-announce mailing list