Bug 772924

An unexpected client identifier parameter can cause the ISC DHCP daemon
to segmentation fault when running in DHCPv6 mode, resulting in a denial
of service to further client requests.

In order to exploit this condition, an attacker must be able to send
requests to the DHCP server.

CVE:                       CVE-2012-3570
Document Version:          2.0
Posting date:              24 Jul 2012
Program Impacted:          DHCP
Versions affected:         4.2.0 --> 4.2.4
Severity:                  High
Exploitable:          From adjacent networks

https://kb.isc.org/article/AA-00714

An error in the handling of malformed client identifiers can cause a
DHCP server running affected versions (see "Impact") to enter a state
where further client requests are not processed and the server process
loops endlessly, consuming all available CPU cycles.

Under normal circumstances this condition should not be triggered, but a
non-conforming or malicious client could deliberately trigger it in a
vulnerable server. In order to exploit this condition an attacker must
be able to send requests to the DHCP server .

CVE: CVE-2012-3571
Document Version:          2.0
Posting date: 24 Jul 2012
Program Impacted: DHCP
Versions affected: All versions of 4.2 (including 4.2.x-Px) to 4.2.4;
4.1-ESV through 4.1-ESV-R5; 4.1.2, 4.1.2-P1
Severity: High
Exploitable: Locally - From adjacent networks

https://kb.isc.org/article/AA-00712

The SWAMPID for this issue is 48455.
This issue was rated as moderate.
Please submit fixed packages until 2012-08-08.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

A SP2 test package now in
   $IBS/home:mtomaschewski:branches:SUSE:SLE-11-SP2:Update:Test/dhcp
[OBS follows].

I've picked up a fix for bnc#762108 regression + bnc#770236.

bugbot adjusting priority

Created attachment 501278 [details]
test patch: SLE-11-SP1 dhcp-3.1-ESV client id validation [CVE-2012-3570]

Update released for: dhcp, dhcp-client, dhcp-devel, dhcp-relay, dhcp-server
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)

Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)

Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)

Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)

Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)

opensuse also done

openSUSE-SU-2012:1006-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 721829,739696,762108,767661,770236,772924
CVE References: CVE-2012-3570,CVE-2012-3571,CVE-2012-3954
Sources used:
openSUSE 12.1 (src):    dhcp-4.2.4.P1-0.6.10.1
openSUSE 11.4 (src):    dhcp-4.2.4.P1-0.27.1

This is an autogenerated message for OBS integration:
This bug (772924) was mentioned in
https://build.opensuse.org/request/show/131781 Evergreen:11.2 / dhcp

This is an autogenerated message for OBS integration:
This bug (772924) was mentioned in
https://build.opensuse.org/request/show/132463 Evergreen:11.2 / dhcp

*** Bug 826698 has been marked as a duplicate of this bug. ***