
CERT Coordination Center

ISC DHCP dhclient stack buffer overflow

Vulnerability Note VU#410676

Original Release Date: 2009-07-14 | Last Revised: 2009-07-29

Overview

The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges.

Description

As described in RFC 2131, "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent.

The ISC DHCP client code (dhclient) contains a stack buffer overflow in the script_write_params() function. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. According to ISC, the following versions are affected:
DHCP 4.1 (all versions)
DHCP 4.0 (all versions)
DHCP 3.1 (all versions)
DHCP 3.0 (all versions)
DHCP 2.0 (all versions)
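
The kind of length check whose absence is described above, as an added example (this is not ISC's code or its patch): a DHCP option walker that accepts the subnet-mask option (code 1 in RFC 2132) only when its length is exactly 4 bytes, the size of the fixed destination buffer. The function name, result codes and sample option fields are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_SUBNET_MASK = 1, OPT_END = 255 };    /* RFC 2132 option codes */
enum { MASK_OK = 0, MASK_ABSENT = -1, MASK_MALFORMED = -2 }; /* hypothetical result codes */

/* Walk a DHCP options field (code, length, data triples) and copy the
 * subnet mask into a fixed 4-byte buffer only if the server-supplied
 * length is exactly 4. Every index is checked against n before use. */
int get_subnet_mask(const uint8_t *opts, size_t n, uint8_t mask[4])
{
    size_t i = 0;
    while (i < n) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;           /* single-byte option, no length */
        if (code == OPT_END) break;
        if (i >= n) return MASK_MALFORMED;       /* length byte missing */
        uint8_t len = opts[i++];
        if (len > n - i) return MASK_MALFORMED;  /* data runs past the packet */
        if (code == OPT_SUBNET_MASK) {
            if (len != 4) return MASK_MALFORMED; /* never copy len bytes blindly */
            memcpy(mask, opts + i, 4);
            return MASK_OK;
        }
        i += len;                                /* skip options we do not need */
    }
    return MASK_ABSENT;
}

/* Constructed sample option fields (not captured traffic). */
static const uint8_t sample_ok[]    = { 53, 1, 2, 1, 4, 255, 255, 255, 0, 255 };
static const uint8_t sample_long[]  = { 53, 1, 2, 1, 8, 255, 255, 255, 0, 0, 0, 0, 0, 255 };
static const uint8_t sample_trunc[] = { 53, 1, 2, 1, 4, 255, 255 };

int main(void)
{
    uint8_t m[4] = { 0 };
    printf("ok=%d long=%d trunc=%d\n",
           get_subnet_mask(sample_ok, sizeof sample_ok, m),
           get_subnet_mask(sample_long, sizeof sample_long, m),
           get_subnet_mask(sample_trunc, sizeof sample_trunc, m));
    return 0;
}
```

A parser built this way treats an over-length or truncated subnet-mask option as a malformed reply and leaves the destination buffer untouched.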

Impact

A rogue DHCP server may be able to execute arbitrary code with root privileges on a vulnerable client system.

Solution

Apply a patch or update from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the Systems Affected section of this document.

Upgrade your version of DHCP

Upgrade your system as specified by your vendor. If you need to upgrade DHCP manually, according to ISC:
Upgrade to 4.1.0p1, 4.0.1p1, or 3.1.2p1

There are no fixes planned for DHCP 3.0 or DHCP 2.0, as those release trains have reached End-Of-Life.

Vendor Information



CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by ISC, who in turn credit the Mandriva Linux Engineering Team with discovering and reporting the vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2009-0692
Severity Metric: 19.95
Date Public: 2009-07-14
Date First Published: 2009-07-14
Date Last Updated: 2009-07-29 16:45 UTC
Document Revision: 27

Sponsored by CISA.