DHCP Security Leak

Glenn Satchell Glenn.Satchell at uniq.com.au
Wed May 2 14:10:41 UTC 2007


>Date: Wed, 2 May 2007 09:15:15 -0400 (EDT)
>Subject: Re: DHCP Security Leak
>From: guru.bidari at sirvisetti.com
>To: dhcp-users at isc.org
>Cc: dhcp-users at isc.org
>
>>>Date: Tue, 1 May 2007 16:19:00 -0400 (EDT)
>>>Subject: DHCP Security Leak
>>>From: guru.bidari at sirvisetti.com
>>>To: dhcp-users at isc.org
>>>
>>>Hi
>>>
>>>In our infrastructure we are using DHCP, with system-defined lease-period
>>>(24 hours), the IP-address of the pc is refreshed.
>>>
>>>We are using one product called as auto print the way it works, we think
>>>we have a security leak.
>>>
>>>After a user scheduled a job and he logged out before the job is finished
>>>and ftp-ed, it is possible that another user gets that IP-address before
>>>the output is processed.
>>>
>>>This is more of an issue when concurrent request is re-scheduled to run at
>>>an interval.
>>>
>>>So we think that it is a leak that another user on a different pc can get
>>>the output of that request, because that pc has leased the IP-address now.
>>>
>>>Please provide us the solution to overcome this security leak.
>>
>> Instead of ftp back to the original PC, ftp to the user's directory on
>> a server. Set up the permissions so that only that user can read the
>> files in the given directory.
>>
>> This is an application problem, not a DHCP problem.
>>
>> regards,
>> -glenn
>
>We are using the server to ftp it to the directory and permissions are set
>properly for each individual users. The problem we think it is a leak that
>another user on a different pc can get the output of that request, because
>that pc has leased the IP-address.

So where do the output files go? Another server or the user's PC?

You can test this. On one PC create a request within the application,
then release the IP address. On another PC manually configure that same
IP address and try to access the files.

Again, this is not a dhcp issue, because a user could completely bypass
dhcp and manually configure any IP address and if that allows them to
access the files, then you have a problem.

regards,
-glenn
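
Added example (not part of the original message, and not ISC code): a small Python check over lease history in the dhcpd.leases format, reporting whether the same client MAC held an address both when a job was submitted and when its output was delivered. The function names and the sample lease data are constructed for illustration. It only sees reassignment recorded by the DHCP server; a manually configured address, as described in the reply above, never appears in the lease file, so the address still cannot serve as the user's identity.

```python
import re
from datetime import datetime

# Constructed sample in dhcpd.leases format (not data from the thread); times are UTC.
SAMPLE_LEASES = """
lease 10.0.0.50 {
  starts 2 2007/05/01 08:00:00;
  ends 2 2007/05/01 17:30:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.0.0.50 {
  starts 2 2007/05/01 18:00:00;
  ends 3 2007/05/02 18:00:00;
  binding state active;
  hardware ethernet 66:77:88:99:aa:bb;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
TIME_RE = r"{}\s+\d\s+(\d{{4}}/\d\d/\d\d \d\d:\d\d:\d\d);"
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")

def parse_leases(text):
    """Return a list of (ip, start, end, mac) tuples, one per lease entry."""
    out = []
    for ip, body in LEASE_RE.findall(text):
        start = re.search(TIME_RE.format("starts"), body)
        end = re.search(TIME_RE.format("ends"), body)
        mac = MAC_RE.search(body)
        if not (start and end and mac):
            continue  # skip entries without fixed times or a client MAC
        fmt = "%Y/%m/%d %H:%M:%S"
        out.append((ip, datetime.strptime(start.group(1), fmt),
                    datetime.strptime(end.group(1), fmt), mac.group(1).lower()))
    return out

def holder_at(leases, ip, when):
    """MAC that held `ip` at `when`, or None; later file entries take precedence."""
    for lease_ip, start, end, mac in reversed(leases):
        if lease_ip == ip and start <= when <= end:
            return mac
    return None

def same_client(leases, ip, submitted, delivered):
    """True only if one MAC held `ip` at both submission and delivery."""
    a, b = holder_at(leases, ip, submitted), holder_at(leases, ip, delivered)
    return a is not None and a == b
```

With the sample data, a job submitted at 09:00 and delivered at 19:00 on 2007/05/01 fails the check, because the address passed to a different MAC in between.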

