Bugzilla – Bug 772924
VUL-0: ISC-dhcp: multiple issues
Last modified: 2015-02-19 00:51:01 UTC
Multiple issues have been found in ISC's DHCP (citations from the reports, one in issue per bnc-comment): Two memory leaks have been found and fixed in ISC DHCP. Both are reproducible when running in DHCPv6 mode (with the -6 command-line argument.) The first leak is confirmed to only affect servers operating in DHCPv6 mode, but based on initial code analysis the second may theoretically affect DHCPv4 servers (though this has not been demonstrated.) CVE: CVE-2012-3954 Document Version: 2.0 Posting date: 24 July 2012 Program Impacted: ISC DHCP 4 Versions affected: 4.1.x, 4.2.x Severity: Medium Exploitable: From networks permitted to send requests to the DHCP server. https://kb.isc.org/article/AA-00737
An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. CVE: CVE-2012-3570 Document Version: 2.0 Posting date: 24 Jul 2012 Program Impacted: DHCP Versions affected: 4.2.0 --> 4.2.4 Severity: High Exploitable: From adjacent networks https://kb.isc.org/article/AA-00714
An error in the handling of malformed client identifiers can cause a DHCP server running affected versions (see "Impact") to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server . CVE: CVE-2012-3571 Document Version: 2.0 Posting date: 24 Jul 2012 Program Impacted: DHCP Versions affected: All versions of 4.2 (including 4.2.x-Px) to 4.2.4; 4.1-ESV through 4.1-ESV-R5; 4.1.2, 4.1.2-P1 Severity: High Exploitable: Locally - From adjacent networks https://kb.isc.org/article/AA-00712
The SWAMPID for this issue is 48455. This issue was rated as moderate. Please submit fixed packages until 2012-08-08. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
A SP2 test package now in $IBS/home:mtomaschewski:branches:SUSE:SLE-11-SP2:Update:Test/dhcp [OBS follows]. I've picked up a fix for bnc#762108 regression + bnc#770236.
bugbot adjusting priority
Created attachment 501278 [details] test patch: SLE-11-SP1 dhcp-3.1-ESV client id validation [CVE-2012-3570]
Update released for: dhcp, dhcp-client, dhcp-devel, dhcp-relay, dhcp-server Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
opensuse also done
openSUSE-SU-2012:1006-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 721829,739696,762108,767661,770236,772924 CVE References: CVE-2012-3570,CVE-2012-3571,CVE-2012-3954 Sources used: openSUSE 12.1 (src): dhcp-4.2.4.P1-0.6.10.1 openSUSE 11.4 (src): dhcp-4.2.4.P1-0.27.1
This is an autogenerated message for OBS integration: This bug (772924) was mentioned in https://build.opensuse.org/request/show/131781 Evergreen:11.2 / dhcp
This is an autogenerated message for OBS integration: This bug (772924) was mentioned in https://build.opensuse.org/request/show/132463 Evergreen:11.2 / dhcp
*** Bug 826698 has been marked as a duplicate of this bug. ***