The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of ISC DHCP: three vulnerabilities

Synthesis of the vulnerability 

An attacker can send malicious packets to an ISC DHCP server, in order to stop it, and possibly to execute code.
Impacted systems: Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this alert: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/07/2012.
Références of this alert: BID-54665, CERTA-2012-AVI-406, CVE-2012-3570, CVE-2012-3571, CVE-2012-3954, DSA-2516-1, DSA-2519-1, DSA-2519-2, FEDORA-2012-11079, FEDORA-2012-11110, MDVSA-2012:115, MDVSA-2012:116, openSUSE-SU-2012:1006-1, RHSA-2012:1140-01, RHSA-2012:1141-01, SSA:2012-237-01, SUSE-SU-2012:1002-1, SUSE-SU-2012:1003-1, SUSE-SU-2012:1005-1, VIGILANCE-VUL-11795.

Description of the vulnerability 

Several vulnerabilities were announced in ISC DHCP.

An attacker can send a DHCPv6 query with a long Client Identifier, in order to generate a buffer overflow. [severity:3/4; CVE-2012-3570]

An attacker can send a DHCP query with a Client Identifier of null length, in order to generate an infinite loop. [severity:2/4; CVE-2012-3571]

An attacker can send a malformed query, in order to generate two memory leaks, which progressively leads to a denial of service. [severity:1/4; CVE-2012-3954]

An attacker can therefore send malicious packets to an ISC DHCP server, in order to stop it, and possibly to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness alert impacts software or systems such as Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this weakness note is important.

The trust level is of type confirmed by the editor, with an origin of intranet client.

This bulletin is about 3 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this weakness bulletin.

Solutions for this threat 

ISC DHCP: version 4.1-ESV-R6.
The version 4.1-ESV-R6 is corrected:
  http://www.isc.org/downloads/all
  http://www.isc.org/software/dhcp/41-esv-r6

ISC DHCP: version 4.2.4-P1.
The version 4.2.4-P1 is corrected:
  http://www.isc.org/downloads/all

Debian: new isc-dhcp packages.
New packages are available:
  isc-dhcp 4.1.1-P1-15+squeeze6

Fedora: new dhcp packages.
New packages are available:
  dhcp-4.2.3-11.P2.fc16
  dhcp-4.2.4-9.P1.fc17

Mandriva: new dhcp packages.
New packages are available:
  dhcp-4.2.4-0.P1.1.1-mdv2011.0
  dhcp-4.1.2-0.7mdvmes5.2

RHEL: new dhcp packages.
New packages are available:
  dhcp-3.0.5-31.el5_8.1
  dhcp-4.1.1-31.P1.el6_3.1

Slackware: new dhcp packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/dhcp-4.1_ESV_R6-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/dhcp-4.1_ESV_R6-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dhcp-4.1_ESV_R6-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dhcp-4.1_ESV_R6-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcp-4.1_ESV_R6-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcp-4.1_ESV_R6-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcp-4.2.4_P1-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcp-4.2.4_P1-x86_64-1_slack13.37.txz

Solaris 11: patch 11/11 SRU 10.5.
A patch is available:
  https://support.oracle.com/CSP/main/article?type=NOT&id=1484475.1

SUSE: new dhcp packages.
New packages are available:
  openSUSE 11.4 : dhcp-4.2.4.P1-0.27.1
  openSUSE 12.1 : dhcp-4.2.4.P1-0.6.10.1
  SUSE LE 10 : dhcp-3.0.7-7.17.1
  SUSE LE 11 SP1 : dhcp-3.1.3.ESV-0.17.1
  SUSE LE 11 SP2 : dhcp-4.2.4.P1-0.5.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides an application vulnerability workaround. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.