ISC DHCP daemon C include file buffer overflow
| dhcp-c-include-bo (16476) |  High Risk |
Description:
Internet Software Consortium (ISC) Dynamic Host Configuration Protocol (DHCP) daemon is vulnerable to a buffer overflow. C include files define the vsnprintf function to the vsprintf function for systems that do not support the vsnprintf function. The vsprintf function, however, fails to perform boundary checking. By sending a specially-crafted packet to DHCPD listening on UDP port 67, a remote attacker could overflow a buffer and cause DHCPD to crash and possibly execute arbitrary code on the server with the privileges of the DHCPD process, typically root.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of ISC DHCP (3.0.1rc14 or later), available from the Internet Software Consortium Web site. See References.
For Mandrake Linux:
Upgrade to the latest dhcp package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:061: dhcp for more information.See References.
Mandrake Linux 9.2: 3.0-1.rc14.0.1.92mdk or later
Mandrake Linux 10.0: 3.0-1.rc14.0.1.100mdk or later
For SuSE Linux:
Upgrade to the latest dhcp package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2004:019 for more information. See References.
x86 Platform:
SuSE Linux 9.1: 3.0.1rc13-28.15.i586 or later
SuSE Linux 9.0: 3.0.1rc12-71.i586 or later
SuSE Linux 8.2: 3.0.1rc10-61.i586 or later
SuSE Linux 8.1: 3.0.1rc9-144.i586 or later
SuSE Linux 8.0: 3.0.1rc6-22.i386 or later
x86-64 Platform:
SuSE Linux 9.1: 3.0.1rc13-28.15.x86_64 or later
SuSE Linux 9.0: 3.0.1rc12-71.x86_64 or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Mon Jun 28 2004 - 00:23:53 CDT: ISC DHCP overflows.
- CIAC Information Bulletin 0-177: Multiple Vulnerabilities in ISC DHCP 3.
- Internet Software Consortium Web site: Internet Software Consortium - DHCP.
- US-CERT Technical Cyber Security Alert TA04-174A: Multiple Vulnerabilities in ISC DHCP 3.
- BID-10591: ISC DHCPD VSPRINTF Buffer Overflow Vulnerability
- CVE-2004-0461: The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
- MDKSA-2004:061: Updated dhcp packages fix buffer overflow vulnerabilities
- OpenPKG-SA-2004.031: DHCPd
- SA23265: XEROX WorkCentre Products Multiple Vulnerabilities
- US-CERT VU#654390: ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions
Platforms Affected:
- Cygwin Cygwin
- Digital Ultrix
- ISC DHCPd 3.0.1 rc12
- ISC DHCPd 3.0.1 rc13
- MandrakeSoft Mandrake Linux 10.0 AMD64
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux 9.2 AMD64
- NeXT NeXTSTEP
- OpenPKG OpenPKG 1.3
- OpenPKG OpenPKG 2.0
- OpenPKG OpenPKG CURRENT
- SCO Caldera OpenServer
- SCO Caldera OpenUnix
- Sun SunOS 4.0
- Sun SunOS 5.5
- SUSE SuSE Linux 8.0
- SUSE SuSE Linux 8.1
- SUSE SuSE Linux 8.2
- SUSE SuSE Linux 9.0
- SUSE SuSE Linux 9.1
Reported:
Jun 22, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net