Bug 672755 (CVE-2011-0413)

Summary: CVE-2011-0413 dhcp: unexpected abort caused by a DHCPv6 decline message
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: jlieskov, jpopelka, security-response-team, vdanen, wnefal+redhatbugzilla
Keywords: Security
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-04-19 08:10:38 UTC
Bug Depends On: 672994, 672995, 672996
Attachments: diff of upstream 4.1.2 and 4.1.2-P1 (flags: none)

Description Tomas Hoger 2011-01-26 09:13:17 UTC
We've been notified by ISC about the upcoming security advisory for ISC DHCP. This issue affects the DHCPv6 server:

  When the DHCPv6 server code processes a message for an address that was
  previously declined and internally tagged as abandoned it can trigger an
  assert failure resulting in the server crashing. This could be used to
  crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
  DHCPv4 servers are unaffected.

  Versions affected: 4.0.x-4.2.x
  Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1

This also got US-CERT id VU#686084: http://www.kb.cert.org/vuls/id/686084

Acknowledgement:

Red Hat would like to thank Internet Systems Consortium for reporting this issue.

Comment 4 Vincent Danen 2011-01-26 23:19:17 UTC
This is now public:

http://www.isc.org/software/dhcp/advisories/cve-2011-0413

Comment 5 Vincent Danen 2011-01-26 23:20:35 UTC
Created attachment 475495
diff of upstream 4.1.2 and 4.1.2-P1

These are the relevant changes from upstream for this issue; 4.1.2-P1 only fixed this issue and nothing else; all the other changes omitted are copyright/$Id$ changes.

Comment 7 Vincent Danen 2011-01-26 23:22:40 UTC
Created dhcp tracking bugs for this issue

Affects: fedora-all [bug 672996]

Comment 8 errata-xmlrpc 2011-02-15 18:47:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0256 https://rhn.redhat.com/errata/RHSA-2011-0256.html