Knowledge Base ISC Main Website Ask a Question/Contact ISC
CVE-2011-2748: ISC DHCP Server Halt
Author: Michael McNally Reference Number: AA-00454 Views: 1335 Created: 2011-09-09 23:10 Last Updated: 2012-06-08 13:36 0 Rating/ Voters

ISC DHCP Server Halt

Two issues have been found in DHCP that could allow an attacker to cause the server to halt.
Document Version: 
 1.1
Posting date: 
10 Aug 2011
Program Impacted: 
DHCP
Versions affected: 
3.1.0 through 3.1-ESV-R1 (R2 never released) 4.0 all versions (EOL) 4.1.0 through 4.1.2rc1 4.1-ESV through 4.1-ESV-R3b1 4.2.0 through 4.2.2rc1 All End-of-Life versions of DHCP server are likely to be affected and ISC recommends upgrading to supported versions.
Severity: 
High
Exploitable: 
Remotely
Description: 

A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets. 

Document ID: CVE-2011-2748, CVE-2011-2749

CVSS Score: 7.8

CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvww.cfm?calculator&adv&version=vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Workarounds: 

Limiting DHCP and Bootp packets to only within your administrative domain will limit exposure.

Active exploits: 
ISC received a report for one of the flaws and discovered the other during testing. No public exploits using these bugs are known.
Solution: 

Upgrade to: 3.1-ESV-R3, 4.1-ESV-R3 or 4.2.2 

Please note that this is the last update to 3.1-ESV as it will be End-of-Life after this release. 

Download these versions from https://www.isc.org/downloads/all

Acknowledgment: 
Found by David Zych at University of Illinois

Document Revision History

1.0 27 July 2011 - Phase 1 disclosure

1.1 09 August 2011 - Phase 2 and 3 disclosures

Releated Document: 

References: 

- ISC Security Vulnerability Disclosure Policy: Details of our current security advisory policy and practice can be found here:https://www.isc.org/security-vulnerability-disclosure-policy

Do you have Questions? Questions regarding this advisory should go to security-officer@isc.org.

This security advisory is a copy of the official document located on our website: https://www.isc.org/software/dhcp/advisories/cve-2011-2748

Do you need Software Support? Questions on ISC's Support services or other offerings should be sent to sales@isc.org. More information on ISC's support and other offerings are available at: http://www.isc.org/community/blog/201102/BIND-support

© 2001-2014 Internet Systems Consortium

Feedback
  • Please help us to improve the content of our knowledge base by letting us know how we can improve this article or by submitting suggestions for other articles you'd like to see created. Information on how to obtain further help on our products or services can be found on our main website.' If you have a technical question or problem on which you'd like help, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu