ISC DHCP DoS vulnerability



  • Please take note of this recently announced denial-of-service vulnerability of ISC dhcpd (pfSense runs v4.2.1-p1)

    http://www.isc.org/software/dhcp/advisories/cve-2011-2748

    ISC DHCP Server Halt
    Two issues have been found in DHCP that could allow an attacker to cause the server to halt.
    CVE: CVE-2011-2748
    Document Version:  1.1
    Posting date: 10 Aug 2011
    Program Impacted: DHCP
    Versions affected:
    3.1.0 through 3.1-ESV-R1 (R2 never released)
    4.0 all versions (EOL)
    4.1.0 through 4.1.2rc1
    4.1-ESV through 4.1-ESV-R3b1
    4.2.0 through 4.2.2rc1
    All End-of-Life versions of DHCP server are likely to be affected and ISC recommends upgrading to supported versions.
    Severity:  High
    Exploitable:  Remotely
    Description:
    A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets.

    Document ID: CVE-2011-2748, CVE-2011-2749

    CVSS Score: 7.8

    CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

    For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvww.cfm?calculator&adv&version=vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)

    Workarounds:
    Limiting DHCP and Bootp packets to only within your administrative domain will limit exposure.

    Active exploits:
    ISC received a report for one of the flaws and discovered the other during testing. No public exploits using these bugs are known.
    Solution:
    Upgrade to: 3.1-ESV-R3, 4.1-ESV-R3 or 4.2.2

    Please note that this is the last update to 3.1-ESV as it will be End-of-Life after this release.

    Download these versions from https://www.isc.org/downloads/all

    Acknowledgment:
    Found by David Zych at University of Illinois

    Document Revision History

    1.0 27 July 2011 - Phase 1 disclosure

    1.1 09 August 2011 - Phase 2 and 3 disclosures

