ISC DHCP Can Be Crashed By Remote Users with a Specially Crafted DHCPOFFER Packet
|
|
SecurityTracker Alert ID: 1016755
|
|
SecurityTracker URL: http://securitytracker.com/id?1016755
|
|
CVE Reference: CVE-2006-3122
(Links to External Site)
|
Date: Aug 25 2006
|
Impact: Denial of service via network
|
Exploit Included: Yes
|
Version(s): 2.0pl5
|
Description: A vulnerability was reported in ISC's DHCP. A remote user can cause denial of service conditions.
A remote user can send a specially crafted DHCPOFFER packet that is exactly 32 bytes long to cause the target DHCP service to crash.
The
flaw resides in the supersede_lease() function in memory.c.
DHCP version 3 servers are not affected.
Andrew Steets reported
this vulnerability on July 28, 2006.
|
Impact: A remote user can cause the DHCP service to crash.
|
Solution: No solution was available at the time of this entry. DHCP version 3 is reportedly not affected.
|
Vendor URL: www.isc.org/sw/dhcp/ (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 25 Aug 2006 15:39:23 -0400
Subject: DHCP
|
CVE-2006-3122:
The supersede_lease function in memory.c in ISC DHCP server 2.0pl5 allows remote
attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet
with a 32 byte client-identifier, which causes the packet to be interpreted as a
corrupt uid and causes the server to exit with "corrupt lease uid."
|
|
