Bug 1083303 - (CVE-2018-5733) VUL-0: CVE-2018-5733: dhcp: reference count overflow bug in dhcpd
(CVE-2018-5733)
VUL-0: CVE-2018-5733: dhcp: reference count overflow bug in dhcpd
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/201005/
CVSSv3:SUSE:CVE-2018-5733:5.9:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-28 13:40 UTC by Alexander Bergmann
Modified: 2018-10-23 16:09 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Marcus Meissner 2018-02-28 20:23:13 UTC
https://kb.isc.org/article/AA-01567

CVE-2018-5733: A malicious client can overflow a reference counter in ISC dhcpd
Author: Michael McNally Reference Number: AA-01567 Views: 237 Created: 2018-02-21 23:45 Last Updated: 2018-02-28 15:28 	0 Rating/ Voters 	
CVE: 
CVE-2018-5733
Document Version: 
2.0
Posting date: 
28 February 2018
Program Impacted: 
DHCP
Versions affected: 
4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
Severity: 
Medium
Exploitable: 
Remotely

Description:

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash.

Impact:

Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.

CVSS Score:  5.9

CVSS Vector:  CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Workarounds:

None.

Active exploits:

No known active exploits.

Solution:  Upgrade to the patched release most closely related to your current version of DHCP.

    DHCP 4.1-ESV-R15-P1
    DHCP 4.3.6-P1
    DHCP 4.4.1

Acknowledgements: ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability.

Document Revision History:

1.0 Advance Notification 21 February 2018
2.0 Public Disclosure 28 February 2018
Comment 6 Swamp Workflow Management 2018-03-20 17:10:11 UTC
This is an autogenerated message for OBS integration:
This bug (1083303) was mentioned in
https://build.opensuse.org/request/show/589263 Factory / dhcp
Comment 7 Swamp Workflow Management 2018-03-26 13:14:23 UTC
SUSE-SU-2018:0810-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1083302,1083303
CVE References: CVE-2018-5732,CVE-2018-5733
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    dhcp-4.2.4.P2-0.28.8.1
SUSE Linux Enterprise Server 11-SP4 (src):    dhcp-4.2.4.P2-0.28.8.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    dhcp-4.2.4.P2-0.28.8.1
Comment 8 Swamp Workflow Management 2018-03-26 13:15:52 UTC
SUSE-SU-2018:0812-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1083302,1083303
CVE References: CVE-2018-5732,CVE-2018-5733
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Server 12-SP3 (src):    dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Server 12-SP2 (src):    dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    dhcp-4.3.3-10.14.1
Comment 9 Andreas Stieger 2018-03-27 04:21:22 UTC
release for Leap, done
Comment 10 Swamp Workflow Management 2018-03-27 10:12:17 UTC
openSUSE-SU-2018:0827-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1083302,1083303
CVE References: CVE-2018-5732,CVE-2018-5733
Sources used:
openSUSE Leap 42.3 (src):    dhcp-4.3.3-11.6.1
Comment 12 Swamp Workflow Management 2018-10-23 16:09:08 UTC
SUSE-SU-2018:0810-2: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1083302,1083303
CVE References: CVE-2018-5732,CVE-2018-5733
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    dhcp-4.2.4.P2-0.28.8.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    dhcp-4.2.4.P2-0.28.8.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    dhcp-4.2.4.P2-0.28.8.1