ISC DHCP DoS vulnerability
Please take note of this recently announced denial-of-service vulnerability of ISC dhcpd (pfSense runs v4.2.1-p1)
http://www.isc.org/software/dhcp/advisories/cve-2011-2748
ISC DHCP Server Halt
Two issues have been found in DHCP that could allow an attacker to cause the server to halt.
CVE: CVE-2011-2748
Document Version: 1.1
Posting date: 10 Aug 2011
Program Impacted: DHCP
Versions affected:
3.1.0 through 3.1-ESV-R1 (R2 never released)
4.0 all versions (EOL)
4.1.0 through 4.1.2rc1
4.1-ESV through 4.1-ESV-R3b1
4.2.0 through 4.2.2rc1
All End-of-Life versions of DHCP server are likely to be affected and ISC recommends upgrading to supported versions.
Severity: High
Exploitable: Remotely
Description:
A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets.
Document ID: CVE-2011-2748, CVE-2011-2749
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvww.cfm?calculator&adv&version=vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Workarounds:
Limiting DHCP and Bootp packets to only within your administrative domain will limit exposure.
Active exploits:
ISC received a report for one of the flaws and discovered the other during testing. No public exploits using these bugs are known.
Solution:
Upgrade to: 3.1-ESV-R3, 4.1-ESV-R3 or 4.2.2
Please note that this is the last update to 3.1-ESV as it will be End-of-Life after this release.
Download these versions from https://www.isc.org/downloads/all
Acknowledgment:
Found by David Zych at University of Illinois
Document Revision History
1.0 27 July 2011 - Phase 1 disclosure
1.1 09 August 2011 - Phase 2 and 3 disclosures