=====================================================================
                        CERT-Renater
            Note d'Information No. 2012/VULN035
_____________________________________________________________________
DATE                : 13/01/2012
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S) : Systems running ISC DHCP versions 4.2.2, 4.2.3, 
4.2.3-P1.
======================================================================
https://lists.isc.org/pipermail/dhcp-announce/2012-January/000321.html
______________________________________________________________________
This is a security advisory for users of ISC DHCP software.
The original advisory can be found on the ISC web site at:
https://www.isc.org/software/dhcp/advisories/cve-2011-4868
In coordination with this announcement, ISC is releasing
DHCP 4.2.3-P2 to correct the error condition which is
described in the advisory.  Please review the advisory to
see whether you are running a vulnerable version and using
features which expose the vulnerability and upgrade if
necessary.  Release notes for DHCP 4.2.3-P2 can be found at:
https://deepthought.isc.org/article/AA-00595
----
Title:
    An Error in DDNS Processing of DHCPv6 Leases Can Cause a
    Crash in ISC dhcpd
Summary:
    Improper handling of Dynamic DNS information associated with
    DHCPv6 leases can cause a segmentation fault in ISC DHCP servers
    using IPv6 and Dynamic DNS, resulting in denial of service to
    clients.
Document ID:  1.2
CVE: CVE-2011-4868
Document Version: 1.0
Posting date: 12 January 2012
Program Impacted: ISC DHCP
Versions affected:
    4.2.2, 4.2.3, 4.2.3-P1.
    Version 4.2.1 and previous are not vulnerable.
Severity: High
Exploitable: Remotely
Description:
    Due to improper handling of a DHCPv6 lease structure, ISC DHCP
    servers that are serving IPv6 address pools AND using Dynamic
    DNS can encounter a segmentation fault error while updating
    lease status under certain conditions. The potential exists for
    this condition to be intentionally triggered, resulting in
    effective denial of service to clients expecting service from
    the affected server. Users of affected versions who use DHCPv6
    and Dynamic DNS should upgrade to version 4.2.3-P2.
CVSS Score: 6.1
CVSS Equation:
    For more information on the Common Vulnerability Scoring System and to
    obtain your specific environmental score please visit:
 
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=%28AV:A/AC:L/Au:N/C:N/I:N/A:C%29
Workarounds:
    No known workarounds, please upgrade.
    Note: Your server is not vulnerable to this condition if:
    - you are not running an affected version of ISC DHCP, or
    - you are not using Dynamic DNS, or
    - you are not issuing DHCPv6 leases
Solution:
    Upgrade to ISC DHCP 4.2.3-P2. This can be downloaded from:
    http://www.isc.org/software/dhcp
Exploit Status: No known active exploits
Acknowledgment:
    ISC would like to thank Jasper Jongmans for finding and reporting
    this issue.
Document Revision History:
    1.0 05 January 2012 - Phase I notified
    1.1 11 January 2012 - Phase II & III notified
    1.2 12 January 2012 - Public Release
References:
- Do you have Questions? Questions regarding this advisory should go to
security-officer at isc.org.
- ISC Security Vulnerability Disclosure Policy: Details of our current
security advisory policy and practice can be found here:
https://www.isc.org/security-vulnerability-disclosure-policy
Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on an
"AS IS" basis. No warranty or guarantee of any kind is expressed
in this notice and none should be implied. ISC expressly excludes
and disclaims any warranties regarding this notice or materials
referred to in this notice, including, without limitation, any
inferred warranty of merchantability, fitness for a particular
purpose, absence of hidden defects, or of non-infringement. Your
use of, or reliance on, this notice or materials referred to in
this notice is at your own risk. ISC may change this notice at any
time.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an uncontrolled
copy. Uncontrolled copies may lack important information, be out
of date, or contain factual errors.
======================================================================
 
=========================================================
                    Les serveurs de référence du CERT-Renater
                    http://www.urec.fr/securite
                    http://www.cru.fr/securite
                    http://www.renater.fr
 
=========================================================
                    + CERT-RENATER          | tel : 01-53-94-20-44 
     +
                    + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41 
     +
                    + 75013 Paris           | email: certsvp@renater.fr 
     +
 
=========================================================
--------------ms070309040800050606060903