Home » Mailing list archives » netbsd-announce » 2009 » July » 28

NetBSD Security Advisory 2009-011: ISC DHCP server Denial of Service vulnerability

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: NetBSD Security Officer <security-officer@...>
To: NetBSD Announcements <netbsd-announce@...>
Subject: NetBSD Security Advisory 2009-011: ISC DHCP server Denial of Service vulnerability
Date: Tuesday, July 28, 2009 - 5:51 pm

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


		 NetBSD Security Advisory 2009-011

		 =================================


Topic:		ISC DHCP server Denial of Service vulnerability


Version:	NetBSD-current:		affected prior to 2009-07-16

		NetBSD 5.0:		affected

		NetBSD 4.0.*:		affected

		NetBSD 4.0:		affected

		pkgsrc:			isc-dhcpd package prior to 3.1.1p1


Severity:	Denial of Service


Fixed:		NetBSD-current:		Jul 16, 2009

		NetBSD-5-0 branch:	Jul 17, 2009

		NetBSD-5 branch:	Jul 17, 2009

		NetBSD-4-0 branch:	Jul 17, 2009

		NetBSD-4 branch:	Jul 17, 2009

		pkgsrc 2009Q2:		isc-dhcpd-3.1.1p1 corrects this issue


Please note that NetBSD releases prior to 4.0 are no longer supported.

It is recommended that all users upgrade to a supported release.


Abstract

========


A reference counting error in dhcpd allows a remote attacker to cause

a daemon crash by submitting requests with the same client ID on

different interfaces served by the same daemon.


This vulnerability has been assigned CVE-2009-1892.


Technical Details

=================


A reference counting error in dhcpd allows a remote attacker to cause

a daemon crash by submitting requests with the same client ID on

different interfaces served by the same daemon.


This requires that client ID based configurations are mixed in the

configuration file with hardware address based configurations.


Solutions and Workarounds

=========================


In order to fix the vulnerability on your local machine, either

make sure that only client-id based statements or hardware ethernet

statements are used, or upgrade to a non-vulnerable version of

dhcpd.


The following instructions describe how to upgrade your dhcpd

binaries by updating your source tree and rebuilding and

installing a new version of dhcpd.


* NetBSD-current:


	Systems running NetBSD-current dated from before 2009-07-16

	should be upgraded to NetBSD-current dated 2009-07-17 or later.


	The following files/directories need to be updated from the

	netbsd-current CVS branch (aka HEAD):

		dist/dhcp/server


	To update from CVS, re-build, and re-install lorem:

		# cd src

		# cvs update -d -P dist/dhcp/server

		# cd usr.sbin/dhcp

		# make USETOOLS=no cleandir dependall

		# cd server

		# make USETOOLS=no install


* NetBSD 5.*:


	Systems running NetBSD 5.* sources dated from before

	2009-07-17 should be upgraded from NetBSD 5.* sources dated

	2009-07-18 or later.


	The following files/directories need to be updated from the

	netbsd-5 or netbsd-5-0 branches:

		dist/dhcp/server


	To update from CVS, re-build, and re-install dhcpd:


		# cd src

		# cvs update -r  -d -P dist/dhcp/server

		# cd usr.sbin/dhcp

		# make USETOOLS=no cleandir dependall

		# cd server

		# make USETOOLS=no install


* NetBSD 4.*:


	Systems running NetBSD 4.* sources dated from before

	2009-07-17 should be upgraded from NetBSD 4.* sources dated

	2009-07-18 or later.


	The following files/directories need to be updated from the

	netbsd-4 or netbsd-4-0 branches:

		dist/dhcp/server


	To update from CVS, re-build, and re-install dhcpd:


		# cd src

		# cvs update -r  -d -P dist/dhcp/server

		# cd usr.sbin/dhcp

		# make USETOOLS=no cleandir dependall

		# cd server

		# make USETOOLS=no install


Thanks To

=========


Christoph Biedl for discovering and reporting the issue, and Florian

Weimer for the fix.


Revision History

================


	2009-07-28	Initial release


More Information

================


Advisories may be updated as new information becomes available.

The most recent version of this advisory (PGP signed) can be found at

  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-011.t...


Information about NetBSD and NetBSD security can be found at

http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.


Copyright 2009, The NetBSD Foundation, Inc.  All Rights Reserved.

Redistribution permitted only in full, unmodified form.


$NetBSD: NetBSD-SA2009-011.txt,v 1.1 2009/07/28 18:29:29 tonnerre Exp $


-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (NetBSD)


iQIcBAEBAgAGBQJKb0iQAAoJEAZJc6xMSnBujKAP/14r5KM5VfyEfsLgrId7XiKY

Ms28lQ5i7gUI+0hfNPh7QbADIGCim0Gdn3XVybgVNWZcFWNOQWwQfRu+/2Zv9JeG

SLBUp+xJ7eqWxM66oZYvPK4csB18L/qZSWouHdDxA1z64+S8Qsn9pz6Y1hih/eoh

b1WWa9ZcE/7JxYINVCH4RKQIn7TRPWqLex1MWf3jGJafAH3XRpgfCWUbgkTB4CTU

xNahopXzt3Xpdmd8j9kRPzLnP7UEUOwQapcQAJ88tlMISNh5zbRuuxWHJGDwxM3l

pBm65TvItT2N+D2Z/4CkduK8Z1U7nM0pXR/amJOrrotK0kllLMhH+sYZ5lROLx8R

DFHuaDYxPQ0xOySVRc3rnPguatm27TB/BgSiFC/vEU030OXB90dboTDsnQhRn0WI

5jAfC1iKzq/fN6rMsKKaZ718En5lLV8Qcew29IGJUMS8vC5+PZ3yDHOSVXZiFjp0

r8RZj1EucuzJKYT5veqZ2SSSK14elvczclpyBir+GyhEuh9RLS71k/Td9DlsPrMR

XhE3V3/ygyQcBZJ69xn0QGlXHInMPc1aRNDxObg+511i8ugvpb6V71VFQOeF81/7

M7qqAl2W3ojMzHTISXUHRSICB3dyJ8jy9y9GFRpw6UkvUyskuGttYYhA85EuPexi

WVkLaq9xsgfSYqB9+71X

=PW6s

-----END PGP SIGNATURE-----
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
NetBSD 1.6.1 release process has begun, Jan Schaumann, (Thu Jan 30, 1:52 pm)
Summary of Changes to the NetBSD Packages Collection in June..., Alistair Crooks, (Tue Jul 22, 7:45 am)
The NetBSD Foundation is now a 501(c)(3) non-profit organiza..., Luke Mewburn, (Tue Feb 10, 6:05 pm)
NetBSD Security Advisory 2009-011: ISC DHCP server Denial of..., NetBSD Security Officer, (Tue Jul 28, 5:51 pm)
Summary of Changes to the Packages Collection in December 2004, Alistair Crooks, (Tue Jan 4, 6:40 pm)
Summary of Changes to the Packages Collection in March 2005, Alistair Crooks, (Tue May 10, 11:19 am)
Thread scheduling and related interfaces in NetBSD 5.0, Mindaugas Rasiukevicius, (Sun May 3, 4:45 pm)
New, D. Adam Karim, (Sat Sep 3, 7:28 am)
outage to the NetBSD servers Sun April 20th 11:00-12:00 UTC, S.P.Zeidler, (Sat Apr 19, 3:06 pm)
Announcing NetBSD 2.1, Jeff Rizzo, (Wed Nov 2, 4:28 pm)
NetBSD Security Advisory 2006-010: Sendmail race condition, NetBSD Security-Officer, (Wed Mar 29, 9:32 pm)
NetBSD and the Google Summer of Code 2007 Summary, Mark Weinem, (Mon Oct 8, 8:59 pm)
NetBSD Security Advisory 2006-014: An audio subsystem race c..., NetBSD Security-Officer, (Thu Apr 27, 4:40 pm)
The NetBSD 1.6 Release Process has begun!, Todd Vierling, (Tue May 28, 10:50 am)
The pkgsrc-2008Q3 Release, Alistair Crooks, (Tue Oct 14, 7:45 am)
Announcing NetBSD 1.5.3, , (Mon Jul 22, 4:57 pm)
cvsweb is offline on this weekend, SODA Noriyuki, (Fri Jul 28, 7:44 am)
NetBSD Security Advisory 2006-022: BIND recursive query and ..., NetBSD Security-Officer, (Thu Sep 21, 5:45 pm)
Metadata journaling support added to FFS, Jared D. McNeill, (Thu Jul 31, 3:12 pm)