CVE-2012-3570: An Error in the Handling of an Unexpected Client Identifiers can Cause Server Crash When Serving DHCPv6

AA-00714

Title:  An error in the handling of an unexpected client identifiers can cause a server crash when serving DHCPv6.

Document Version:          2.1
Posting date: 
24 Jul 2012
Program Impacted: 
DHCP
Versions affected: 
4.2.0 --> 4.2.4
Severity: 
High
Exploitable: 
From adjacent networks

Description: 

An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. 

In order to exploit this condition, an attacker must be able to send requests to the DHCP server.

Impact:

Causes the server process to crash when a buffer overflows, resulting in a denial of service.  NOTE: DHCP versions 4.0 -->4.1.x are NOT impacted.

CVSS Score: 6.1

CVSS Equation:  (AV:A/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:A/AC:L/Au:N/C:N/I:N/A:C)

Workarounds: 

None.

Active exploits: 

None known at this time.

Solution: 
Upgrade affected systems to DHCP 4.2.4-P1

DHCP 4.2.4-P1 is available from www.isc.org/downloads/all

Acknowledgment: 
Markus Hietava of Codenomicon CROSS project for finding the vulnerability, and CERT-FI for vulnerability coordination.

Document Revision History:

1.0 - 03 July 2012 - Phase I notified
1.1 - 13 July 2012 HOLD notice sent to Phase 1 regarding new CVE being added and new public release date
1.2 - 23 July 2012 Phase 2 & 3 notified
2.0 - 24 July 2012 Phase 4-Public release
2.1 - 30 July 2012 Added Chinese Translation

References:

This security advisory is also located in our KnowledgeBase: https://kb.isc.org/Article/AA-00714

Note: ISC patches only Currently supported versions. When possible we indicate EOL versions affected.

If you'd like more information on our Forum or BIND/DHCP support please visit www.isc.org/software/guild or www.isc.org/support