ISC DHCP daemon ASCII characters in log lines buffer overflow
dhcp-ascii-log-bo (16475)
Description:
The Internet Software Consortium (ISC) Dynamic Host Configuration Protocol (DHCP) daemon is vulnerable to a buffer overflow, caused by improper handling of log lines that contain only ASCII characters. By sending a specially crafted packet to DHCPD listening on UDP port 67, a remote attacker could overflow a buffer and cause DHCPD to crash and possibly execute arbitrary code on the server with the privileges of the DHCPD process, typically root.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of ISC DHCP (3.0.1rc14 or later), available from the Internet Software Consortium Web site. See References.
For OpenPKG:
Upgrade to the latest dhcpd package, as listed in OpenPKG Security Advisory OpenPKG-SA-2004.031. See References.
OpenPKG 2.0: 3.0.1rc13-2.0.1 or later
OpenPKG CURRENT: 3.0.1rc14-20040623 or later
OpenPKG 1.3: 3.0.1rc11-1.3.1 or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Mon Jun 28 2004 - 00:23:53 CDT: ISC DHCP overflows.
- CIAC Information Bulletin 0-177: Multiple Vulnerabilities in ISC DHCP 3.
- Internet Software Consortium Web site: Internet Software Consortium - DHCP.
- US-CERT Technical Cyber Security Alert TA04-174A: Multiple Vulnerabilities in ISC DHCP 3.
- BID-10590: ISC DHCPD Hostname Options Logging Buffer Overflow Vulnerability
- CVE-2004-0460: Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
- MDKSA-2004:061: Updated dhcp packages fix buffer overflow vulnerabilities
- OpenPKG-SA-2004.031: DHCPd
- SA23265: XEROX WorkCentre Products Multiple Vulnerabilities
- US-CERT VU#317350: ISC DHCP contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only
Platforms Affected:
- ISC DHCPd 3.0.1 rc12
- ISC DHCPd 3.0.1 rc13
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 10.0 AMD64
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux 9.2 AMD64
- OpenPKG OpenPKG 1.3
- OpenPKG OpenPKG 2.0
- OpenPKG OpenPKG CURRENT
Reported:
Jun 22, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
