Rapid7 Vulnerability & Exploit Database

RHSA-2003:034: Updated dhcp packages fix possible packet storm


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 02/07/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

A remote denial of service vulnerability affects the dhcrelay agent shipped with version 3 of ISC DHCP. This advisory provides fixed packages for Red Hat Linux 8.0.

The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent. DHCP is a protocol that allows devices to obtain their network configuration from a server. Florian Lohoff reported that ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier allows remote attackers to cause a denial of service (packet storm) by constructing a malicious BOOTP packet that the relay forwards to a broadcast MAC address; the relay then receives and forwards the same packet again, causing an infinite loop.

Red Hat Linux 8.0 shipped with a version of DHCP that is vulnerable to this issue. Other distributions of Red Hat Linux and Red Hat Linux Advanced Server are based on version 2 of DHCP and are not vulnerable.

These errata packages contain a patch that introduces a new command line switch to dhcrelay, "-c maxcount". This switch limits the BOOTP hop count that dhcrelay will forward, so a looping packet is dropped once its hop count reaches the limit instead of being relayed indefinitely. Users of dhcp-relay are advised to specify a small maximum hop count; for example "dhcrelay -c 10".
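The following is an added illustration, not code from the advisory or from ISC dhcrelay. It models the loop described above and the effect of the "-c maxcount" switch: a relay that forwards a BOOTREQUEST to a broadcast MAC address and then hears its own forwarded copy will re-relay it forever, because the single-octet `hops` field in the BOOTP header (RFC 951) simply wraps. With a hop limit, the same relay drops the packet after `maxcount` forwards. The packet layout follows the BOOTP fixed header; the sample packet, the relay address and the simulation loop are constructed for this example and do not reproduce dhcrelay's actual source.

```python
import struct

# BOOTP fixed header (RFC 951): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREQUEST = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # DHCP options cookie, RFC 2131
HOPS_OFFSET = 3                       # byte offset of the hops field
GIADDR_OFFSET = 24                    # byte offset of the relay (gateway) address

# Constructed relay address used by the simulation (assumption, not from the page).
RELAY_IP = bytes([10, 0, 0, 1])


def build_bootrequest(xid, mac):
    """Constructed sample: a minimal client BOOTREQUEST with hops=0, as a client would send it."""
    return BOOTP_HDR.pack(
        BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,   # htype=Ethernet, hlen=6, broadcast flag set
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,
    ) + MAGIC_COOKIE


def parse_bootp(pkt):
    """Return the header fields a relay agent cares about."""
    f = BOOTP_HDR.unpack_from(pkt)
    return {"op": f[0], "htype": f[1], "hlen": f[2], "hops": f[3],
            "xid": f[4], "giaddr": f[10]}


def relay_forward(pkt, relay_ip, max_hops=None):
    """Model of a relay agent handling a request: returns the packet it would
    forward, or None if it drops the packet. max_hops=None models the
    unpatched relay; an integer models 'dhcrelay -c max_hops'."""
    hdr = parse_bootp(pkt)
    if hdr["op"] != BOOTREQUEST:
        return None
    # The patched behaviour: refuse to relay once the hop count reaches the limit.
    if max_hops is not None and hdr["hops"] >= max_hops:
        return None
    out = bytearray(pkt)
    # hops is one octet; the unpatched relay just increments it and it wraps at 256.
    out[HOPS_OFFSET] = (hdr["hops"] + 1) & 0xFF
    if hdr["giaddr"] == b"\0" * 4:
        out[GIADDR_OFFSET:GIADDR_OFFSET + 4] = relay_ip
    return bytes(out)


def simulate_storm(pkt, max_hops, cap):
    """Feed every forwarded packet straight back to the relay, as happens when it
    broadcasts onto a segment it also listens on. Returns how many times the
    relay forwarded before dropping, or `cap` if it never stopped."""
    forwards = 0
    while forwards < cap:
        pkt = relay_forward(pkt, RELAY_IP, max_hops)
        if pkt is None:
            break
        forwards += 1
    return forwards


if __name__ == "__main__":
    req = build_bootrequest(0x1234, b"\x00\x11\x22\x33\x44\x55")
    print("unpatched relay, forwards within cap:", simulate_storm(req, None, 1000))
    print("relay with -c 10, forwards before drop:", simulate_storm(req, 10, 1000))
```

Running the script shows the unpatched model hitting the simulation cap, while the hop-limited model stops after exactly ten forwards. A real relay also stamps its own address into giaddr and sends the packet toward the configured server; those details are simplified here since only the hop-count check decides whether the loop terminates.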

Solution(s)

  • redhat-upgrade-dhclient
  • redhat-upgrade-dhcp
  • redhat-upgrade-dhcp-devel
