Summary of the vulnerability
An attacker can send to ISC DHCP an IPv6 lease renewal query, with a malicious expiration date, in order to stop it.
Vulnerable software: Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this announcement: 2/4.
Creation date: 13/09/2012.
References for this computer vulnerability: AA-00779, BID-55530, CERTA-2012-AVI-501, CERTA-2012-AVI-679, CVE-2012-3955, DSA-2551-1, FEDORA-2012-14076, FEDORA-2012-14149, MDVSA-2012:153, MDVSA-2012:153-1, openSUSE-SU-2012:1234-1, openSUSE-SU-2012:1252-1, openSUSE-SU-2012:1254-1, RHSA-2013:0504-02, SSA:2012-258-01, SUSE-SU-2012:1327-1, VIGILANCE-VUL-11941.
Description of the vulnerability
The ISC DHCP service provides an IP address to clients, which remains valid for the duration of the lease.
A client can request a lease renewal in order to extend it. However, an IPv6 client can request a renewal with a short duration, so that the new ending date is earlier than the ending date it previously obtained. In this case, a computation error occurs in ISC DHCP, and the service stops.
An attacker can therefore send ISC DHCP an IPv6 lease renewal request with a malicious expiration date, in order to stop it.
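The bulletin describes a renewal whose new ending date lies before the one the client already holds, and a computation on that interval that brings the daemon down. The following C block is an added example, not ISC DHCP's code: it models a lease record and a renewal handler with hypothetical names (lease_t, naive_extension, renew_lease, remaining_lifetime) to show how an unsigned difference between the two expiry times wraps in exactly that situation, and how a defensive handler bounds the requested lifetime, checks for overflow and refuses to move an existing expiry backwards instead of feeding a negative interval into later arithmetic. The sample lease values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Constructed model of an IPv6 lease record (example code, not ISC DHCP's
 * own structures). Only the fields the renewal logic needs are present. */
typedef struct {
    uint32_t iaid;   /* identity association id the client renews */
    time_t   expiry; /* absolute time at which the lease ends */
} lease_t;

/* Hypothetical outcome codes for a renewal request. */
typedef enum { RENEW_OK = 0, RENEW_UNCHANGED = 1, RENEW_INVALID = 2 } renew_result_t;

/* Naive extension computation: the difference between the new and the old
 * expiry taken in unsigned arithmetic. When the client asks for an expiry
 * earlier than the one it already holds, the subtraction wraps to a huge
 * value, the kind of computation error the bulletin describes. */
uint32_t naive_extension(time_t old_expiry, time_t new_expiry) {
    return (uint32_t)(new_expiry - old_expiry); /* wraps when new < old */
}

/* Defensive renewal handler: the requested lifetime is bounded by policy,
 * the new expiry is computed with an overflow check, and a request that
 * would move the expiry backwards leaves the lease untouched. */
renew_result_t renew_lease(lease_t *lease, time_t now,
                           uint32_t requested_lifetime, uint32_t max_lifetime) {
    if (requested_lifetime == 0 || requested_lifetime > max_lifetime)
        return RENEW_INVALID;           /* reject out-of-policy lifetimes */
    time_t new_expiry = now + (time_t)requested_lifetime;
    if (new_expiry <= now)
        return RENEW_INVALID;           /* time_t overflow guard */
    if (new_expiry < lease->expiry)
        return RENEW_UNCHANGED;         /* never shorten an existing lease */
    lease->expiry = new_expiry;
    return RENEW_OK;
}

/* Seconds left on a lease, clamped to [0, UINT32_MAX] instead of wrapping. */
uint32_t remaining_lifetime(const lease_t *lease, time_t now) {
    if (lease->expiry <= now)
        return 0;
    time_t left = lease->expiry - now;
    return ((uint64_t)left > UINT32_MAX) ? UINT32_MAX : (uint32_t)left;
}

int main(void) {
    lease_t lease = { .iaid = 1, .expiry = 1000 }; /* constructed sample */
    printf("naive extension for a shorter renewal: %u\n",
           naive_extension(1000, 900));
    renew_result_t r = renew_lease(&lease, 500, 200, 86400);
    printf("shorter renewal -> result %d, expiry still %ld\n", r, (long)lease.expiry);
    r = renew_lease(&lease, 500, 600, 86400);
    printf("longer renewal -> result %d, expiry now %ld\n", r, (long)lease.expiry);
    printf("remaining lifetime at t=500: %u s\n", remaining_lifetime(&lease, 500));
    return 0;
}
```

The naive path is the one to look for when reviewing lease-handling code: any place where two timestamps are subtracted into an unsigned width, or where an assertion rather than a validation guards the "new expiry before old expiry" case, turns a single malformed renewal into a service outage.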
This vulnerability note impacts software or systems such as Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is medium.
The trust level is: confirmed by the editor; the attack origin is: LAN.
An attacker with expert ability can exploit this computer threat note.
Solutions for this threat
ISC DHCP: version 4.2.4-P2.
Version 4.2.4-P2 is fixed:
http://www.isc.org/downloads/all
ISC DHCP: version 4.1-ESV-R7.
Version 4.1-ESV-R7 is fixed:
http://www.isc.org/downloads/all
Debian: new isc-dhcp packages.
New packages are available:
isc-dhcp 4.1.1-P1-15+squeeze8
Fedora: new dhcp packages.
New packages are available:
dhcp-4.2.4-1.P2.fc16
dhcp-4.2.4-13.P2.fc17
Mandriva: new dhcp packages.
New packages are available:
dhcp-4.2.4-0.P2.0.1-mdv2011.0
dhcp-4.1.2-0.8mdvmes5.2
RHEL 6: new dhcp packages.
New packages are available:
dhcp-4.1.1-34.P1.el6
Slackware: new dhcp packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcp-4.1_ESV_R7-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcp-4.1_ESV_R7-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcp-4.2.4_P2-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcp-4.2.4_P2-x86_64-1_slack13.37.txz
Solaris 11.0: patch 11/11 SRU 13.4.
An SRU is available:
https://support.oracle.com/rs?type=doc&id=1506900.1
Solaris 11.1: patch 11.1.1.4.
An SRU is available:
https://support.oracle.com/rs?type=doc&id=1507225.1
SUSE: new dhcp packages.
New packages are available:
openSUSE 11.4 : dhcp-4.2.4.P2-0.30.1
openSUSE 12.1 : dhcp-4.2.4.P2-0.6.13.1
openSUSE 12.2 : dhcp-4.2.4.P2-0.1.4.1
SUSE LE 11 : dhcp-4.2.4.P2-0.5.1