NetBSD Security Advisory 2009-011: ISC DHCP server Denial of Service vulnerability

From: NetBSD Security Officer
Date: Tuesday, July 28, 2009 - 2:51 pm


		 NetBSD Security Advisory 2009-011
		 =================================

Topic:		ISC DHCP server Denial of Service vulnerability

Version:	NetBSD-current:		affected prior to 2009-07-16
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			isc-dhcpd package prior to 3.1.1p1

Severity:	Denial of Service

Fixed:		NetBSD-current:		Jul 16, 2009
		NetBSD-5-0 branch:	Jul 17, 2009
		NetBSD-5 branch:	Jul 17, 2009
		NetBSD-4-0 branch:	Jul 17, 2009
		NetBSD-4 branch:	Jul 17, 2009
		pkgsrc 2009Q2:		isc-dhcpd-3.1.1p1 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

A reference counting error in dhcpd allows a remote attacker to cause
a daemon crash by submitting requests with the same client ID on
different interfaces served by the same daemon.

This vulnerability has been assigned CVE-2009-1892.


Technical Details
=================

A reference counting error in dhcpd allows a remote attacker to cause
a daemon crash by submitting requests with the same client ID on
different interfaces served by the same daemon.

This requires that client ID based configurations are mixed in the
configuration file with hardware address based configurations.


Solutions and Workarounds
=========================

In order to fix the vulnerability on your local machine, either
make sure that the configuration uses only client-id based statements
or only hardware ethernet statements (not a mix of the two), or
upgrade to a non-vulnerable version of dhcpd.
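
To check whether a configuration meets the precondition described under
Technical Details, the following script reports how each host declaration
is keyed and whether both kinds are present. It is an added example, not
part of the NetBSD advisory or of ISC DHCP; the function names and the
sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report how each host declaration in a
# dhcpd.conf is keyed, then say whether client-ID and hardware keys are mixed.
# Limitations: "include"d files are not followed; braces are not tracked.

# list_host_keys FILE -> one "host<TAB>client-id|hardware" line per key statement
list_host_keys() {
    awk '
        { sub(/#.*/, ""); lc = tolower($0) }           # drop comments
        lc ~ /^[ \t]*host[ \t]+[^ \t{]/ { host = $2; sub(/[{].*/, "", host) }
        lc ~ /hardware[ \t]+ethernet[ \t]/ { print host "\thardware" }
        lc ~ /option[ \t]+dhcp-client-identifier[ \t]/ { print host "\tclient-id" }
    ' "$1"
}

# classify_dhcpd_conf FILE -> mixed | client-id-only | hardware-only | none
classify_dhcpd_conf() {
    list_host_keys "$1" | awk -F '\t' '
        $2 == "hardware"  { hw++ }
        $2 == "client-id" { cid++ }
        END {
            if (hw && cid) print "mixed"
            else if (cid)  print "client-id-only"
            else if (hw)   print "hardware-only"
            else           print "none"
        }'
}

# Constructed sample configuration using documentation address ranges.
sample=$(mktemp)
cat > "$sample" <<'EOF'
subnet 192.0.2.0 netmask 255.255.255.0 { range 192.0.2.100 192.0.2.200; }
host printer {
    hardware ethernet 00:00:5e:00:53:01;        # keyed by hardware address
    fixed-address 192.0.2.10;
}
host kiosk {
    option dhcp-client-identifier "kiosk-1";    # keyed by client ID
    fixed-address 192.0.2.11;
}
EOF
list_host_keys "$sample"
echo "result: $(classify_dhcpd_conf "$sample")"
rm -f "$sample"
```

A result of "mixed" means the workaround above has not been applied to that
file; files pulled in with include statements need to be checked separately.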

The following instructions describe how to upgrade your dhcpd
binaries by updating your source tree and rebuilding and
installing a new version of dhcpd.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2009-07-16
	should be upgraded to NetBSD-current dated 2009-07-17 or later.

	The following files/directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		dist/dhcp/server

	To update from CVS, re-build, and re-install dhcpd:
		# cd src
		# cvs update -d -P dist/dhcp/server
		# cd usr.sbin/dhcp
		# make USETOOLS=no cleandir dependall
		# cd server
		# make USETOOLS=no install

* NetBSD 5.*:

	Systems running NetBSD 5.* sources dated from before
	2009-07-17 should be upgraded from NetBSD 5.* sources dated
	2009-07-18 or later.

	The following files/directories need to be updated from the
	netbsd-5 or netbsd-5-0 branches:
		dist/dhcp/server

	To update from CVS, re-build, and re-install dhcpd:

		# cd src
		# cvs update -r <branch_name> -d -P dist/dhcp/server
		# cd usr.sbin/dhcp
		# make USETOOLS=no cleandir dependall
		# cd server
		# make USETOOLS=no install

* NetBSD 4.*:

	Systems running NetBSD 4.* sources dated from before
	2009-07-17 should be upgraded from NetBSD 4.* sources dated
	2009-07-18 or later.

	The following files/directories need to be updated from the
	netbsd-4 or netbsd-4-0 branches:
		dist/dhcp/server

	To update from CVS, re-build, and re-install dhcpd:

		# cd src
		# cvs update -r <branch_name> -d -P dist/dhcp/server
		# cd usr.sbin/dhcp
		# make USETOOLS=no cleandir dependall
		# cd server
		# make USETOOLS=no install


Thanks To
=========

Christoph Biedl for discovering and reporting the issue, and Florian
Weimer for the fix.


Revision History
================

	2009-07-28	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-011.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.

Copyright 2009, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2009-011.txt,v 1.1 2009/07/28 18:29:29 tonnerre Exp $
