CVE-2012-3571: An Error in the Handling of Malformed Client Identifiers can Cause a Denial-of-Service Condition in Affected Servers

AA-00712

An error in the handling of malformed client identifiers can cause a denial-of-service condition in affected servers.

Document Version: 2.1
Posting date: 24 Jul 2012
Program Impacted: DHCP
Versions affected: All versions of 4.2 (including 4.2.x-Px) to 4.2.4; 4.1-ESV through 4.1-ESV-R5; 4.1.2, 4.1.2-P1
Severity: High
Exploitable: Locally - From adjacent networks

Description: 

An error in the handling of malformed client identifiers can cause a DHCP server running affected versions (see "Impact") to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles.

Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. To exploit this condition, an attacker must be able to send requests to the DHCP server.

Impact:

Causes the server process to loop endlessly, resulting in a denial of service.  NOTE: ISC DHCP 3.0.x and ISC DHCP 4.0.x are EOL and have not been tested for this vulnerability. Versions of ISC DHCP that are vulnerable to CVE-2010-2156 (including 4.1.0 through 4.1.1-P1) can be expected to terminate unexpectedly instead of looping endlessly.

CVSS Score: 6.1

CVSS Equation:  (AV:A/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:A/AC:L/Au:N/C:N/I:N/A:C)

Workarounds:

None.

Active exploits: 

None known at this time.

Solution: 

Upgrade affected systems to DHCP 4.1-ESV-R6 or DHCP 4.2.4-P1.

DHCP 4.2.4-P1 is available from www.isc.org/downloads/all

DHCP 4.1-ESV-R6 is available from www.isc.org/downloads/all
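
To triage an inventory against the version ranges in this advisory, the following added example (not ISC code) classifies an ISC DHCP version string as affected, expected to terminate per the Impact note, untested EOL, or not listed. The status labels, the accepted string shapes (including an optional "isc-dhcpd-" prefix) and the treatment of plain "4.1-ESV" as R0 are assumptions of this example.

```python
import re

# Status labels are this example's own wording, not ISC terminology.
AFFECTED = "affected: server may loop endlessly"
TERMINATES = "vulnerable to CVE-2010-2156: expected to terminate unexpectedly"
UNTESTED = "EOL branch: not tested for this vulnerability"
NOT_LISTED = "not listed as affected"
UNPARSED = "unrecognised version string"

# Assumed input shapes: "4.2.4-P1", "4.1-ESV-R5", optionally prefixed "isc-dhcpd-".
_VERSION = re.compile(
    r"^(?:isc-dhcpd-)?(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?P<esv>-ESV(?:-R(?P<rel>\d+))?)?(?:-P(?P<plevel>\d+))?$",
    re.IGNORECASE,
)

def classify(version: str) -> str:
    """Map a version string onto the ranges stated in the advisory."""
    m = _VERSION.match(version.strip())
    if not m:
        return UNPARSED  # e.g. alpha/beta/rc builds: check these by hand
    branch = (int(m["major"]), int(m["minor"]))
    level = (int(m["patch"] or 0), int(m["plevel"] or 0))
    if m["esv"]:
        # 4.1-ESV (treated as R0) through 4.1-ESV-R5; fixed in 4.1-ESV-R6.
        if branch == (4, 1) and int(m["rel"] or 0) <= 5:
            return AFFECTED
        return NOT_LISTED
    if branch in ((3, 0), (4, 0)):
        return UNTESTED
    if branch == (4, 2):
        # All 4.2 releases up to 4.2.4; fixed in 4.2.4-P1.
        return AFFECTED if level < (4, 1) else NOT_LISTED
    if branch == (4, 1):
        if level in ((2, 0), (2, 1)):   # 4.1.2 and 4.1.2-P1
            return AFFECTED
        if level <= (1, 1):             # 4.1.0 through 4.1.1-P1
            return TERMINATES
    return NOT_LISTED

if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    for v in ["4.2.4", "4.2.4-P1", "4.1-ESV-R5", "4.1-ESV-R6", "4.1.1-P1", "4.0.2"]:
        print(f"{v:12} {classify(v)}")
```

Strings the pattern does not recognise are reported as such rather than guessed at, so pre-release or vendor-patched builds need a manual check.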

Acknowledgment: 
Markus Hietava of Codenomicon CROSS project for finding the vulnerability, and CERT-FI for vulnerability coordination.

Document Revision History:

1.0 - 03 July 2012 Phase I notified
1.1 - 13 July 2012 HOLD notice sent to Phase 1 regarding new CVE being added and new public release date
1.2 - 23 July 2012 Phase 2 & 3 notified
2.0 - 24 July 2012 Phase 4-Public released
2.1 - 30 July 2012 Added Chinese translation

References: