=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN438
_____________________________________________________________________

DATE                      : 05/11/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running ISC DHCP versions prior to 4.0.2, 4.1.2, or 4.2.0-P1.

======================================================================
http://www.isc.org/software/dhcp/advisories/cve-2010-3611
______________________________________________________________________


DHCP: Server Crash with Empty Link-Address Field

Summary:
If the server receives a DHCPv6 packet containing one or more Relay-Forward
messages, and none of them supply an address in the Relay-Forward link-address
field, then the server will crash. This can be used as a single packet crash
attack vector.

CVE: CVE-2010-3611

CERT: VU#102047

Posting date: 02 Nov 2010
Program Impacted: DHCP
Versions affected: 4.0 through 4.2
Severity: High
Exploitable: remotely
Description:

If the server receives a DHCPv6 packet containing one or more Relay-Forward
messages, and none of them supply an address in the Relay-Forward link-address
field, then the server will crash.  This can be used as a single packet
crash attack vector.

CVSS: 4.2 (for more on CVSS scores and to calculate your environment's specific
risk, please visit: CVSS Calculator)

Impact and Risk Assessment: This can be used as a single packet crash attack
vector if the  server was explicitly configured to serve DHCPv6.

Workarounds:
None.

Active exploits:
None known at this time.

Solution:

Upgrade DHCP to 4.0.2, 4.1.2, or 4.2.0-P1.

Acknowledgment: John Gibbins, for finding issue and testing patch.

Revision History: Added acknowledgment to John Gibbins
Changed date to Nov 2nd

For more information please contact dhcp-bugs@isc.org


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================