The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of ISC DHCP: denial of service via IPv6 Lease Expiration

Synthesis of the vulnerability 

An attacker can send ISC DHCP an IPv6 lease renewal request with a malicious expiration date, in order to stop it.
Vulnerable software: Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this announcement: 2/4.
Creation date: 13/09/2012.
References for this computer vulnerability: AA-00779, BID-55530, CERTA-2012-AVI-501, CERTA-2012-AVI-679, CVE-2012-3955, DSA-2551-1, FEDORA-2012-14076, FEDORA-2012-14149, MDVSA-2012:153, MDVSA-2012:153-1, openSUSE-SU-2012:1234-1, openSUSE-SU-2012:1252-1, openSUSE-SU-2012:1254-1, RHSA-2013:0504-02, SSA:2012-258-01, SUSE-SU-2012:1327-1, VIGILANCE-VUL-11941.

Description of the vulnerability 

The ISC DHCP service assigns an IP address to each client; the address is valid for the duration of the lease.

The client can request a lease renewal in order to extend it. However, an IPv6 client can request a renewal with a shorter duration, so that the new expiration time is earlier than the expiration time previously granted. In this case a computation error occurs in ISC DHCP, and the service stops.

An attacker can therefore send ISC DHCP an IPv6 lease renewal request with a malicious expiration date, in order to stop it.
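To make the failure mode concrete, the following added example (not ISC's code, and not taken from the bulletin) models a renewal handler for a hypothetical lease record. It assumes the computation error is the classic one for this input: the handler derives the change in lifetime as an unsigned delta, so a request that shortens the lease wraps to a huge value; the hardened variant treats "earlier than the current expiry" as an explicit, legitimate case and bounds the result before any arithmetic.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Policy cap on a single lease lifetime; a constructed value for this example. */
#define MAX_LEASE_SECONDS (365u * 24u * 3600u)

/* Hypothetical simplified IPv6 lease record; not ISC DHCP's own structure. */
struct lease6 {
    time_t expire;   /* absolute expiry time of the current binding */
};

enum renew_result { RENEW_OK = 0, RENEW_SHORTENED = 1, RENEW_REJECTED = -1 };

/* Naive model (assumed mechanism): the change in expiry is taken as an unsigned
 * number of seconds.  A requested expiry earlier than the current one yields a
 * negative difference that wraps to a value near 2^32, and any later sanity
 * check or timer computation on it fails.  Returns the wrapped delta. */
uint32_t naive_extension(const struct lease6 *l, time_t requested_expire) {
    return (uint32_t)(requested_expire - l->expire);
}

/* Hardened renewal: compare as signed times first, reject out-of-policy values,
 * and record a shortening as a distinct outcome so the caller reschedules the
 * expiry timer instead of assuming the lease only ever grows. */
enum renew_result renew_lease6(struct lease6 *l, time_t now, time_t requested_expire) {
    if (requested_expire <= now)
        return RENEW_REJECTED;              /* already expired: nothing to renew */
    if ((uint64_t)(requested_expire - now) > MAX_LEASE_SECONDS)
        return RENEW_REJECTED;              /* beyond the policy cap */
    if (requested_expire < l->expire) {
        l->expire = requested_expire;       /* shorter lease is valid input */
        return RENEW_SHORTENED;
    }
    l->expire = requested_expire;
    return RENEW_OK;
}

int main(void) {
    time_t now = 1000000;                   /* constructed clock value */
    struct lease6 l = { .expire = now + 3600 };
    printf("naive delta for a shorter lease: %u\n", naive_extension(&l, now + 600));
    printf("hardened result: %d, expire=%ld\n",
           renew_lease6(&l, now, now + 600), (long)l.expire);
    return 0;
}
```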

This vulnerability note impacts software or systems such as Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is medium.

The trust level is "confirmed by the editor", and the attack origin is the LAN.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

ISC DHCP: version 4.2.4-P2.
Version 4.2.4-P2 is fixed:
  http://www.isc.org/downloads/all

ISC DHCP: version 4.1-ESV-R7.
Version 4.1-ESV-R7 is fixed:
  http://www.isc.org/downloads/all

Debian: new isc-dhcp packages.
New packages are available:
  isc-dhcp 4.1.1-P1-15+squeeze8

Fedora: new dhcp packages.
New packages are available:
  dhcp-4.2.4-1.P2.fc16
  dhcp-4.2.4-13.P2.fc17

Mandriva: new dhcp packages.
New packages are available:
  dhcp-4.2.4-0.P2.0.1-mdv2011.0
  dhcp-4.1.2-0.8mdvmes5.2

RHEL 6: new dhcp packages.
New packages are available:
  dhcp-4.1.1-34.P1.el6

Slackware: new dhcp packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcp-4.1_ESV_R7-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcp-4.1_ESV_R7-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcp-4.1_ESV_R7-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcp-4.2.4_P2-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcp-4.2.4_P2-x86_64-1_slack13.37.txz

Solaris 11.0: patch 11/11 SRU 13.4.
An SRU is available:
  https://support.oracle.com/rs?type=doc&id=1506900.1

Solaris 11.1: patch 11.1.1.4.
An SRU is available:
  https://support.oracle.com/rs?type=doc&id=1507225.1

SUSE: new dhcp packages.
New packages are available:
  openSUSE 11.4 : dhcp-4.2.4.P2-0.30.1
  openSUSE 12.1 : dhcp-4.2.4.P2-0.6.13.1
  openSUSE 12.2 : dhcp-4.2.4.P2-0.1.4.1
  SUSE LE 11 : dhcp-4.2.4.P2-0.5.1
