Debian: dhcp3 potential flood vulnerability

    Date: 28 Jan 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A bug in dhcrelay causes it to send a continuing packet storm towards the configured DHCP server(s) when it receives a malicious BOOTP packet.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 245-1
    http://www.debian.org/security/                             Martin Schulze
    January 28th, 2003                       http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : dhcp3
    Vulnerability  : ignored counter boundary
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2003-0039
    
    Florian Lohoff discovered a bug in the dhcrelay causing it to send a
    continuing packet storm towards the configured DHCP server(s) in case
    of a malicious BOOTP packet, such as sent from buggy Cisco switches.
    
    When the dhcp-relay receives a BOOTP request it forwards the request
    to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff
    which causes the network interface to reflect the packet back into the
    socket.  To prevent loops the dhcrelay checks whether the
    relay-address is its own, in which case the packet would be dropped.
    In combination with a missing upper boundary for the hop counter an
    attacker can force the dhcp-relay to send a continuing packet storm
    towards the configured dhcp server(s).
    
    This patch introduces a new commandline switch ``-c maxcount'' and
    people are advised to start the dhcp-relay with ``dhcrelay -c 10''
    or a smaller number, which will only create that many packets.
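
Added example (not part of the advisory and not the dhcrelay source): a simplified C model of the relay decision described above, showing how a hop limit such as ``-c 10'' bounds the number of forwarded copies. The function names, the BOOTP header offsets, the 192.0.2.x addresses, and the assumption that the looping request already carries some other relay address are illustrative choices of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* BOOTP fixed header (RFC 951): op at byte 0, hops at byte 3, giaddr at 24..27. */
enum { BOOTP_LEN = 236, OFF_OP = 0, OFF_HOPS = 3, OFF_GIADDR = 24, BOOTREQUEST = 1 };
enum verdict { FORWARD, DROP_OWN_GIADDR, DROP_HOP_LIMIT, DROP_MALFORMED };

/* Constructed sample addresses (documentation range), not from the advisory. */
const uint8_t RELAY_ADDR[4] = {192, 0, 2, 1};
const uint8_t OTHER_ADDR[4] = {192, 0, 2, 99};
const uint8_t NO_GIADDR[4]  = {0, 0, 0, 0};

/* Hypothetical relay decision. max_hops == 0 models a relay with no upper bound. */
enum verdict relay_decide(uint8_t *pkt, size_t len, const uint8_t own[4], unsigned max_hops)
{
    if (len < (size_t)BOOTP_LEN || pkt[OFF_OP] != BOOTREQUEST)
        return DROP_MALFORMED;
    if (memcmp(pkt + OFF_GIADDR, own, 4) == 0)
        return DROP_OWN_GIADDR;              /* the loop check the advisory describes */
    if (max_hops != 0 && pkt[OFF_HOPS] >= max_hops)
        return DROP_HOP_LIMIT;               /* the bound a switch like -c adds */
    if (memcmp(pkt + OFF_GIADDR, NO_GIADDR, 4) == 0)
        memcpy(pkt + OFF_GIADDR, own, 4);    /* first relay stamps its own address */
    pkt[OFF_HOPS]++;                         /* 8-bit counter: wraps if never checked */
    return FORWARD;
}

/* Feed every forwarded copy back into the relay, as the broadcast reflection does.
 * `budget` only stops the simulation; returns how many copies were sent. */
unsigned count_forwards(const uint8_t giaddr[4], unsigned max_hops, unsigned budget)
{
    uint8_t pkt[BOOTP_LEN] = {0};
    unsigned sent = 0;

    pkt[OFF_OP] = BOOTREQUEST;
    memcpy(pkt + OFF_GIADDR, giaddr, 4);
    while (sent < budget &&
           relay_decide(pkt, sizeof pkt, RELAY_ADDR, max_hops) == FORWARD)
        sent++;
    return sent;
}
```

In this model a request with an empty relay address is forwarded once and its reflection is dropped by the own-address check; a request carrying OTHER_ADDR is forwarded until the simulation budget runs out when max_hops is 0, and exactly 10 times when max_hops is 10.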
    
    The dhcrelay program from the ``dhcp'' package does not seem to be
    affected since DHCP packets are dropped if they were apparently
    relayed already.
    
    For the stable distribution (woody) this problem has been fixed in
    version 3.0+3.0.1rc9-2.2.
    
    The old stable distribution (potato) does not contain dhcp3 packages.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.1.2-1.
    
    We recommend that you upgrade your dhcp3 package when you are using
    the dhcrelay server.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://pac
    
    