Bug 842428 (CVE-2012-3954)

Summary: CVE-2012-3954 dhcp: two memory leaks may result in DoS
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: jpopelka, ljozsa, security-response-team, slms-aisc-inf
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20120724,reported=20120723,source=upstream,cvss2=3.3/AV:A/AC:L/Au:N/C:N/I:N/A:P,fedora-all/dhcp=affected,rhel-6/dhcp=affected,rhel-5/dhcp=notaffected,cwe=CWE-401[auto]
Doc Type: Bug Fix
Bug Depends On: 842892, 843120, 843122    
Bug Blocks: 842431    

Description Vincent Danen 2012-07-23 16:38:10 EDT
ISC has discovered and fixed two memory leaks in the DHCP code. One of the
leaks only affects servers running in DHCPv6 mode. The other is known to
affect a server running in DHCPv6 mode but could potentially occur on
servers running in DHCPv4 mode as well. In both cases the server can leak a
small amount of memory while processing messages. The amount leaked per
iteration is small and the leak will not cause problems in many cases.
However on a server that is run for a long period without re-starting or a
server handling an extraordinary amount of traffic from the clients the
leak could consume all memory available to the DHCP server process,
preventing further operation by the DHCP server process and potentially
interfering with other services hosted on the same server hardware.

Upstream has indicated that 3.1.x is potentially vulnerable to this flaw, although since it is no longer supported upstream, they have not investigated. They also indicate that these leaks are reproducible when running in DHCPv6 mode; one of the leaks only affects DHCPv6 mode, while the other may also theoretically affect DHCPv4 servers as well.

A temporary workaround is to periodically restart the dhcp service.

Comment 2 Vincent Danen 2012-07-24 16:33:33 EDT
This is now public:

Comment 3 Vincent Danen 2012-07-24 16:42:10 EDT
Created dhcp tracking bugs for this issue

Affects: fedora-all [bug 842892]

Comment 7 Murray McAllister 2012-07-31 00:40:30 EDT
Upstream acknowledges Glen Eustace of Massey University, New Zealand, as the original reporter of this issue.

Comment 9 Fedora Update System 2012-08-01 14:28:11 EDT
dhcp-4.2.4-9.P1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 errata-xmlrpc 2012-08-02 20:28:03 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1141 https://rhn.redhat.com/errata/RHSA-2012-1141.html

Comment 11 Fedora Update System 2012-08-06 03:50:34 EDT
dhcp-4.2.3-11.P2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.