Bug 772924 - VUL-0: ISC-dhcp: multiple issues
VUL-0: ISC-dhcp: multiple issues
Status: RESOLVED FIXED
: 826698 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle10-sp3:48659 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-25 06:36 UTC by Sebastian Krahmer
Modified: 2015-02-19 00:51 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2012-07-25 06:36:54 UTC
Multiple issues have been found in ISC's DHCP (citations from the reports,
one in issue per bnc-comment):


Two memory leaks have been found and fixed in ISC DHCP. Both are
reproducible when running in DHCPv6 mode (with the -6 command-line
argument.) The first leak is confirmed to only affect servers operating
in DHCPv6 mode, but based on initial code analysis the second may
theoretically affect DHCPv4 servers (though this has not been demonstrated.)

CVE: CVE-2012-3954
Document Version: 2.0
Posting date: 24 July 2012
Program Impacted: ISC DHCP 4
Versions affected: 4.1.x, 4.2.x
Severity: Medium
Exploitable: From networks permitted to send requests to the DHCP server.

https://kb.isc.org/article/AA-00737
Comment 1 Sebastian Krahmer 2012-07-25 06:38:05 UTC
An unexpected client identifier parameter can cause the ISC DHCP daemon
to segmentation fault when running in DHCPv6 mode, resulting in a denial
of service to further client requests.

In order to exploit this condition, an attacker must be able to send
requests to the DHCP server.

CVE:                       CVE-2012-3570
Document Version:          2.0
Posting date:              24 Jul 2012
Program Impacted:          DHCP
Versions affected:         4.2.0 --> 4.2.4
Severity:                  High
Exploitable:          From adjacent networks

https://kb.isc.org/article/AA-00714
Comment 2 Sebastian Krahmer 2012-07-25 06:38:58 UTC
An error in the handling of malformed client identifiers can cause a
DHCP server running affected versions (see "Impact") to enter a state
where further client requests are not processed and the server process
loops endlessly, consuming all available CPU cycles.

Under normal circumstances this condition should not be triggered, but a
non-conforming or malicious client could deliberately trigger it in a
vulnerable server. In order to exploit this condition an attacker must
be able to send requests to the DHCP server .

CVE: CVE-2012-3571
Document Version:          2.0
Posting date: 24 Jul 2012
Program Impacted: DHCP
Versions affected: All versions of 4.2 (including 4.2.x-Px) to 4.2.4;
4.1-ESV through 4.1-ESV-R5; 4.1.2, 4.1.2-P1
Severity: High
Exploitable: Locally - From adjacent networks

https://kb.isc.org/article/AA-00712
Comment 3 Swamp Workflow Management 2012-07-25 13:37:38 UTC
The SWAMPID for this issue is 48455.
This issue was rated as moderate.
Please submit fixed packages until 2012-08-08.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Marius Tomaschewski 2012-07-25 20:12:52 UTC
A SP2 test package now in
   $IBS/home:mtomaschewski:branches:SUSE:SLE-11-SP2:Update:Test/dhcp
[OBS follows].

I've picked up a fix for bnc#762108 regression + bnc#770236.
Comment 5 Swamp Workflow Management 2012-07-25 22:00:09 UTC
bugbot adjusting priority
Comment 17 Marius Tomaschewski 2012-08-06 17:05:24 UTC
Created attachment 501278 [details]
test patch: SLE-11-SP1 dhcp-3.1-ESV client id validation [CVE-2012-3570]
Comment 42 Swamp Workflow Management 2012-08-17 12:08:38 UTC
Update released for: dhcp, dhcp-client, dhcp-devel, dhcp-relay, dhcp-server
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 43 Swamp Workflow Management 2012-08-17 12:08:58 UTC
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 44 Swamp Workflow Management 2012-08-17 14:15:26 UTC
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 45 Swamp Workflow Management 2012-08-17 14:46:05 UTC
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 46 Swamp Workflow Management 2012-08-17 15:24:06 UTC
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 47 Marcus Meissner 2012-08-20 14:18:44 UTC
opensuse also done
Comment 48 Swamp Workflow Management 2012-08-20 15:09:35 UTC
openSUSE-SU-2012:1006-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 721829,739696,762108,767661,770236,772924
CVE References: CVE-2012-3570,CVE-2012-3571,CVE-2012-3954
Sources used:
openSUSE 12.1 (src):    dhcp-4.2.4.P1-0.6.10.1
openSUSE 11.4 (src):    dhcp-4.2.4.P1-0.27.1
Comment 49 Bernhard Wiedemann 2012-08-27 15:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (772924) was mentioned in
https://build.opensuse.org/request/show/131781 Evergreen:11.2 / dhcp
Comment 50 Bernhard Wiedemann 2012-09-04 07:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (772924) was mentioned in
https://build.opensuse.org/request/show/132463 Evergreen:11.2 / dhcp
Comment 51 Leonardo Chiquitto 2013-07-09 14:21:47 UTC
*** Bug 826698 has been marked as a duplicate of this bug. ***