Check Point Advisories

Preemptive Protection against DHCP Stack Overflow in 'dhclient' script_write_params()

Check Point Reference: CPAI-2009-207
Date Published: 17 Jul 2009
Severity: Critical
Last Updated: Thursday 01 January, 2009
Source: Internet Systems Consortium
Industry Reference:CVE-2009-0692
Protection Provided by:
Who is Vulnerable? DHCP 4.1 (all versions)
4.0 (all versions)
3.1 (all versions)
3.0 (all versions)
2.0 (all versions)
Vulnerability Description The ISC DHCP client code (dhclient) application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code. ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent. dhclient fails to check the length of the server-supplied subnet-mask option before copying it into a buffer. A rogue DHCP server may be able to execute arbitrary code with root privileges on a vulnerable client system.
Vulnerability DetailsWhile generating a subnet number from the server-supplied leased address, subnet-mask 'dhclient' copies the information into a field without verifying if the length of the information exceeds the length of the field. This may allow a rogue DHCP server to execute arbitrary commands on an affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK