Netgate Discussion Forum

ISC DHCP DoS vulnerability

2.0-RC Snapshot Feedback and Problems - RETIRED
  • dhatz
    Aug 11, 2011, 3:45 PM (last edited Aug 11, 2011, 3:47 PM)

    Please take note of this recently announced denial-of-service vulnerability in ISC dhcpd (pfSense runs v4.2.1-p1):

    http://www.isc.org/software/dhcp/advisories/cve-2011-2748

    ISC DHCP Server Halt
    Two issues have been found in DHCP that could allow an attacker to cause the server to halt.
    CVE: CVE-2011-2748
    Document Version:  1.1
    Posting date: 10 Aug 2011
    Program Impacted: DHCP
    Versions affected:
    3.1.0 through 3.1-ESV-R1 (R2 never released)
    4.0 all versions (EOL)
    4.1.0 through 4.1.2rc1
    4.1-ESV through 4.1-ESV-R3b1
    4.2.0 through 4.2.2rc1
    All End-of-Life versions of DHCP server are likely to be affected and ISC recommends upgrading to supported versions.
    Severity:  High
    Exploitable:  Remotely
    Description:
    A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets.

    Document ID: CVE-2011-2748, CVE-2011-2749

    CVSS Score: 7.8

    CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

    For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvww.cfm?calculator&adv&version=vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)

    Workarounds:
    Limiting DHCP and Bootp packets to only within your administrative domain will limit exposure.

    Active exploits:
    ISC received a report for one of the flaws and discovered the other during testing. No public exploits using these bugs are known.

    Solution:
    Upgrade to: 3.1-ESV-R3, 4.1-ESV-R3 or 4.2.2

    Please note that this is the last update to 3.1-ESV as it will be End-of-Life after this release.

    Download these versions from https://www.isc.org/downloads/all

    Acknowledgment:
    Found by David Zych at University of Illinois

    Document Revision History

    1.0 27 July 2011 - Phase 1 disclosure

    1.1 09 August 2011 - Phase 2 and 3 disclosures

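Added example, not part of the original post or of the ISC advisory: a check of a dhcpd version string against the "Versions affected" ranges quoted above. The ordering of ISC version strings it uses (x.y.z before x.y-ESV, and a < b < rc < final < -P) is an assumption of this example, and the function names are illustrative.

```python
import re

# Ordering assumed for ISC DHCP version strings (an assumption of this example):
# numbered x.y.z releases sort before the x.y-ESV track, and within one release
# a < b < rc < final < -P patch level.
_VERSION = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+)|-(ESV)(?:-R(\d+))?)?(?:(a|b|rc)(\d+))?(?:-P(\d+))?$",
    re.IGNORECASE,
)
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}


def version_key(text):
    """Turn '4.2.1-P1' or '4.1-ESV-R3b1' into a tuple that compares correctly."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ISC DHCP version: {text!r}")
    major, minor, patch, esv, esv_rel, stage, stage_n, p_level = m.groups()
    return (
        int(major), int(minor),
        1 if esv else 0,                  # ESV track sorts after x.y.z
        int(esv_rel or patch or 0),       # -R<n> on ESV, .z otherwise
        _STAGE[stage.lower() if stage else None],
        int(stage_n or 0),
        int(p_level or 0),
    )


# Inclusive ranges copied from "Versions affected" in the advisory above.
AFFECTED = [
    (version_key("3.1.0"), version_key("3.1-ESV-R1")),
    ((4, 0), (4, 0, 99)),                 # "4.0 all versions (EOL)"
    (version_key("4.1.0"), version_key("4.1.2rc1")),
    (version_key("4.1-ESV"), version_key("4.1-ESV-R3b1")),
    (version_key("4.2.0"), version_key("4.2.2rc1")),
]


def is_affected(text):
    """True if the version falls inside one of the advisory's listed ranges."""
    key = version_key(text)
    return any(low <= key <= high for low, high in AFFECTED)


if __name__ == "__main__":
    for v in ("4.2.1-P1", "4.2.2", "4.1-ESV-R3", "3.1-ESV-R3", "4.0.2"):
        print(f"{v:12} {'AFFECTED' if is_affected(v) else 'not listed as affected'}")
```

Versions older than 3.1.0 return False here because they fall outside the listed ranges, although the advisory says all End-of-Life versions are likely to be affected.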