|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
ISC DHCP: buffer overflow of decode_udp_ip_header
Synthesis of the vulnerability
An attacker can generate a buffer overflow by sending an IPv4+UDP packet to an ISC DHCP client or server, in order to trigger a denial of service, and possibly to run code.
Impacted systems: SNS, ArubaOS, Debian, BIG-IP Hardware, TMOS, Fedora, ISC DHCP, NETASQ, openSUSE, openSUSE Leap, Slackware, Ubuntu.
Severity of this alert: 3/4.
Consequences of an intrusion: user access/rights, denial of service on service.
Pirate's origin: LAN.
Creation date: 13/01/2016.
Références of this alert: AA-01334, ARUBA-PSA-2016-007, CERTFR-2016-AVI-167, CVE-2015-8605, DSA-3442-1, FEDORA-2016-0c5bb21bf1, FEDORA-2016-adb533a418, openSUSE-SU-2016:0601-1, openSUSE-SU-2016:0610-1, SOL57500018, SSA:2016-012-01, STORM-2015-018, USN-2868-1, VIGILANCE-VUL-18707.
Description of the vulnerability
The DHCP protocol uses UDP packets.
The decode_udp_ip_header() function of the common/packet.c file of ISC DHCP decodes these UDP packets. However, if the size indicated in the IPv4 header for UDP data is too large, an overflow occurs.
An attacker can therefore generate a buffer overflow by sending an IPv4+UDP packet to an ISC DHCP client or server, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a computers vulnerabilities management. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.