DHCP Security Leak
Glenn.Satchell at uniq.com.au
Wed May 2 14:10:41 UTC 2007
>Date: Wed, 2 May 2007 09:15:15 -0400 (EDT)
>Subject: Re: DHCP Security Leak
>From: guru.bidari at sirvisetti.com
>To: dhcp-users at isc.org
>Cc: dhcp-users at isc.org
>>>Date: Tue, 1 May 2007 16:19:00 -0400 (EDT)
>>>Subject: DHCP Security Leak
>>>From: guru.bidari at sirvisetti.com
>>>To: dhcp-users at isc.org
>>>In our infrastructure we are using DHCP, with system-defined lease-period
>>>(24 hours), the IP-address of the pc is refreshed.
>>>We are using one product called as auto print the way it works, we think
>>>we have a security leak.
>>>After a user scheduled a job and he logged out before the job is finished
>>>and ftp-ed, it is possible that another user gets that IP-address before
>>>the output is processed.
>>>This is more of an issue when concurrent request is re-scheduled to run
>>>So we think that it is a leak that another user on a different pc can get
>>>the output of that request, because that pc has leased the IP-address
>>>Please provide us the solution to overcome this security leak.
>> Instead of ftp back to the original PC, ftp to the user's directory on
>> a server. Set up the permissions so that only that user can read the
>> files in the given directory.
>> This is an application problem, not a DHCP problem.
>We are using the server to ftp it to the directory and permissions are set
>properly for each indivisual users. The problem we think it is a leak that
>another user on a different pc can get the output of that request, because
>that pc has leased the IP-address.
So where do the output files go? Another server or the user's PC?
You can test this. On one PC creatre a request within the application,
then release the IP address. On another PC manually configure that same
IP address and try to access the files.
Again, this is not a dhcp issue, because a user could completely bypass
dhcp and manually configure any IP address and if that allows them to
access the files, then you have a problem.
More information about the dhcp-users