Linux Security
Linux Security
Linux Security

Debian: dhcp3 potential flood vulnerability

Date 28 Jan 2003
Posted By LinuxSecurity Advisories
There is a bug in the dhcrelay causing it to send a continuing packet storm towards the configured DHCP server(s) in case of a malicious BOOTP packet.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 245-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
January 28th, 2003             
- --------------------------------------------------------------------------

Package        : dhcp3
Vulnerability  : ignored counter boundary
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0039

Florian Lohoff discovered a bug in the dhcrelay causing it to send a
continuing packet storm towards the configured DHCP server(s) in case
of a malicious BOOTP packet, such as sent from buggy Cisco switches.

When the dhcp-relay receives a BOOTP request it forwards the request
to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff
which causes the network interface to reflect the packet back into the
socket.  To prevent loops the dhcrelay checks whether the
relay-address is its own, in which case the packet would be dropped.
In combination with a missing upper boundary for the hop counter an
attacker can force the dhcp-relay to send a continuing packet storm
towards the configured dhcp server(s).

This patch introduces a new commandline switch ``-c maxcount'' and
people are advised to start the dhcp-relay with ``dhcrelay -c 10''
or a smaller number, which will only create that many packets.

The dhcrelay program from the ``dhcp'' package does not seem to be
affected since DHCP packets are dropped if they were apparently
relayed already.

For the stable distribution (woody) this problem has been fixed in
version 3.0+3.0.1rc9-2.2.

The old stable distribution (potato) does not contain dhcp3 packages.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.2-1.

We recommend that you upgrade your dhcp3 package when you are using
the dhcrelay server.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      730 24c46bc59c7b7fbf5af839b1896073cf
      Size/MD5 checksum:    24457 9d555df929ea70ef2b36f7455298a79f
      Size/MD5 checksum:   809803 3cc4758e5a59362315393a1874dfcb21

  Alpha architecture:
      Size/MD5 checksum:   416630 397a678e504608e82480b70da257e3de
      Size/MD5 checksum:   216102 393965c956aa0c61b87830ade40927ef
      Size/MD5 checksum:   106904 787c1f7ef446485f153fdb5985f57669
      Size/MD5 checksum:   287256 9157faf5d681794429640f3c77ef2ae3
      Size/MD5 checksum:   526892 48d538b72ff214a8ec5b224f9e4716da

  ARM architecture:
      Size/MD5 checksum:   386896 f4f9769ef04b52227b0b1134824a8f58
      Size/MD5 checksum:   188652 b82228305af807ba3588ab0aad6d55aa
      Size/MD5 checksum:    93386 4990ce79c724969a518c8203398c6a36
      Size/MD5 checksum:   273362 16e0bd4a19aaabf42f91d62cde3c806f
      Size/MD5 checksum:   484526 d597e37691b5aba8599fc654354436df

  Intel IA-32 architecture:
      Size/MD5 checksum:   375346 27d1ad0d2b6cfbbdebfcdf034edfef0b
      Size/MD5 checksum:   178596 955644258c1c3447c440ea68240c5595
      Size/MD5 checksum:    82090 88d318c70305922de31c6f0eab7db3e6
      Size/MD5 checksum:   269360 e87afd18b990a9c16e8768152b05fb11
      Size/MD5 checksum:   465170 2bf1b093963bcd214e1edd9a078b7446

  Intel IA-64 architecture:
      Size/MD5 checksum:   550076 a46f9f25e3567e22a55df624559f346e
      Size/MD5 checksum:   339224 d91056b8739382c06dcad9ed9fdce54d
      Size/MD5 checksum:   134254 11d223ea9054ad0b19d55add7083c21d
      Size/MD5 checksum:   348766 e546dac3162fee5eab1328c120bc51c4
      Size/MD5 checksum:   701484 80aa1015319366aa8f6fa6c3e7daa088

  HP Precision architecture:
      Size/MD5 checksum:   384876 e971b851045b3399b3280789bfb10dd8
      Size/MD5 checksum:   188182 13442ca2429b42ef3aa007e84cb686bd
      Size/MD5 checksum:    93040 37c5a4ea972f80fc4aae1fa18cce870d
      Size/MD5 checksum:   274828 4ee56537ce01864eff25c04bf8cbc7cc
      Size/MD5 checksum:   478030 f5aa250b35b7aba6236e243f81a40571

  Motorola 680x0 architecture:
      Size/MD5 checksum:   364618 a1fc0175cae39bb4b6f8366104cdd027
      Size/MD5 checksum:   168548 e619f627bf4dc3502237445b170b9b10
      Size/MD5 checksum:    79262 70957f418a8be321b6cd8ed681392daf
      Size/MD5 checksum:   264246 527734c5a0815888385c8030a0ab8d11
      Size/MD5 checksum:   451098 b7a114770edf4846bcc122fa91802a87

  Big endian MIPS architecture:
      Size/MD5 checksum:   397654 5dd77052a1bf96a6919b42abb7d1993d
      Size/MD5 checksum:   198506 29532f0c0c25cc74db482956a2e17767
      Size/MD5 checksum:    94724 9be76951eec5cb400b91b6d2aa3afbc4
      Size/MD5 checksum:   281616 d487fea11aa26522ca13252d5a1143f1
      Size/MD5 checksum:   496364 ae74e80436ac5a5639d25c813937be4c

  Little endian MIPS architecture:
      Size/MD5 checksum:   397210 af17a66c93142f3b37f3ff54a70de6ce
      Size/MD5 checksum:   197808 f64f4c1cbe51b41a46105fb96afac7f2
      Size/MD5 checksum:    94864 2cd66c4b1fad6f8cf76d88fb3d32b64e
      Size/MD5 checksum:   281570 1913fcf10728ea03dd914aef054b062a
      Size/MD5 checksum:   496042 9396140993730275d6b8de6e34675f54

  PowerPC architecture:
      Size/MD5 checksum:   375068 666bbe22fd67328d8992facd41d1896b
      Size/MD5 checksum:   178500 ae76150c581357a02d9b7bb8ced0dbdc
      Size/MD5 checksum:    91100 9a647196076ff0ca93f1972be8e06c96
      Size/MD5 checksum:   269858 c7c3f542facc9f807dbbd1a8452cd732
      Size/MD5 checksum:   466862 5e4a8282b7befb8471bcaa48d7f7e578

  IBM S/390 architecture:
      Size/MD5 checksum:   374846 b2479d34b339e43b754f856d04fe7c18
      Size/MD5 checksum:   177838 29fb48bb7d7df2abf795ba8d18d54dba
      Size/MD5 checksum:    83068 c693a61e70c3551ff06ebbe3902d77da
      Size/MD5 checksum:   270776 e518ea7234a90f9ad6775402bd1ebed9
      Size/MD5 checksum:   465362 2e5c9c19eec1b2da7723ec841066d91d

  Sun Sparc architecture:
      Size/MD5 checksum:   375452 c9bd70d1b1fdf3d46d2d0c3d90afdabe
      Size/MD5 checksum:   178438 fc7418c8bdc8191c9068544c09095ac0
      Size/MD5 checksum:    87346 dc9d3fedf805cb854e883ad054325380
      Size/MD5 checksum:   271280 5a063042a2f5700ebd15c86459192761
      Size/MD5 checksum:   465524 c7a808f387b4c4c488cba086145d272a

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and  https://pac


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.