Bug 339561 (CVE-2007-0062)
Summary: | CVE-2007-0062 dhcpd possible DoS via large max-message-size option
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Tomas Hoger <thoger>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED NEXTRELEASE
Severity: | low
Priority: | low
Version: | unspecified
CC: | dcantrell, security-response-team
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2008-06-03 08:59:14 UTC

Description
Tomas Hoger
2007-10-19 11:50:44 UTC
Created attachment 241731
ISC patch for dhcp 3.0.x
Thanks to Evan Hunt for providing this patch!
The patch itself is a bit long, as it has some unrelated changes too, like formatting
updates and re-wording of some comments.

This patch is a bit large. Can we have it without the formatting changes? If not, I'll go through it and reduce it to just the security fix. I'd like to get updates out for Fedora for this issue as well. Recent versions of Fedora that we're still supporting use ISC DHCP 3.0.5 or 3.0.6. I have upgraded rawhide to 3.1.0.

I guess we'll have to cut it down to something smaller ourselves, but I guess it should not be too difficult. Please postpone updates for now, as we still do not know the exact CVE id for this issue. Postponing it should not cause many problems, as I do not believe this issue really affects any users.

Btw: ISC plan regarding this issue is: It'll be released in the next cut of DHCP 4.0.0--I'm not sure yet whether it'll be named "b3" or "rc1"--and in DHCP 3.1.1b1.

David Dewey of IBM ISS X-Force confirmed this is CVE-2007-0062.
http://xforce.iss.net/xforce/xfdb/33102

Investigation of this issue showed that the impact of the flaw is limited to a DoS attack against the dhcpd server. The issue can only be exploited in unlikely configurations where the dhcpd server is configured to provide clients with a large set of DHCP options. Such configurations are easily spotted, as they are likely to cause a server crash on non-malicious client requests (if the client specifies a large enough max message size) or clients receiving an incomplete or truncated options set in the server's reply (for common max message sizes smaller than the maximum dhcp packet MTU).

Making bug public, issue is now fixed upstream in all dhcp versions currently supported by ISC.

Fixed upstream in the following versions:
dhcp-3.0.7
dhcp-3.1.1
dhcp-4.0.0

Due to the minimal impact of this flaw, we currently do not plan to backport a fix to dhcp packages in the already released versions of Red Hat Enterprise Linux. Future Red Hat Enterprise Linux versions will include fixed dhcp packages based on a fixed upstream version.

The issue is already fixed in dhcp packages in Fedora 9 and Rawhide, as they are based on the fixed upstream version 4.0.0.
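
An added example, not part of the bug report or of ISC's patch: a passive check that reads the Maximum DHCP Message Size option (option 57, RFC 2132) from a captured client message and flags values above a review threshold, which is the client-side condition the investigation comment describes. The 1500-byte threshold, the function names and the sample messages are assumptions constructed for illustration; option overload (option 52) is not handled.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker before the options field
BOOTP_HEADER_LEN = 236               # fixed BOOTP header preceding the cookie
OPT_PAD, OPT_MAX_MSG_SIZE, OPT_END = 0, 57, 255
REVIEW_THRESHOLD = 1500              # assumption: typical Ethernet MTU

def parse_options(payload: bytes) -> dict:
    """Return {code: value} for the options field of a DHCP message (UDP payload)."""
    if payload[BOOTP_HEADER_LEN:BOOTP_HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, BOOTP_HEADER_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past end of packet" % code)
        opts.setdefault(code, value)  # keep the first occurrence of each code
        i += 2 + length
    return opts

def max_message_size(payload: bytes):
    """Return the client's advertised maximum message size, or None if absent."""
    raw = parse_options(payload).get(OPT_MAX_MSG_SIZE)
    if raw is None:
        return None
    if len(raw) != 2:
        raise ValueError("option 57 must be 2 bytes")
    return struct.unpack("!H", raw)[0]

def needs_review(payload: bytes, threshold: int = REVIEW_THRESHOLD) -> bool:
    """True when the advertised size exceeds the (assumed) review threshold."""
    size = max_message_size(payload)
    return size is not None and size > threshold

def build_sample(size):
    """Constructed test message: zeroed header, DHCPDISCOVER, optional option 57."""
    opts = b"\x35\x01\x01"            # option 53 (message type) = DISCOVER
    if size is not None:
        opts += bytes([OPT_MAX_MSG_SIZE, 2]) + struct.pack("!H", size)
    return bytes(BOOTP_HEADER_LEN) + MAGIC_COOKIE + opts + b"\xff"
```
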