Check Point Advisories

Sun Solaris DHCP Client Arbitrary Code Execution (CVE-2005-2870)

Check Point Reference: CPAI-2005-286
Date Published: 7 Mar 2010
Severity: High
Last Updated: Thursday 10 February, 2022
Industry Reference:CVE-2005-2870
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description The DHCP protocol is used by network administrators to centrally manage and automate the assignment of IP addresses on a network. In addition to IP address assignment, DHCP clients receive from a DHCP server information that is required to manage their network configuration including the sub-net netmask, gateway address, domain name, and so on. Sun provides an implementation of the client side of the DHCP protocol with its Solaris operating system. There exists a command execution vulnerability in the DHCP client application shipped with Solaris. The vulnerability is caused by improper sanitization of data supplied in DHCP reply messages. A remote attacker with access to the target's local network can exploit the vulnerability by sending malicious DHCP replies to the target. Exploiting this flaw allows an attacker to execute arbitrary commands within the privileges of the root user. A successful attack allows a malicious user to execute arbitrary system commands on the target DHCP client. The behavior of the target is dependent on the intention of the malicious injected code.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Sun Solaris DHCP Client Arbitrary Code Execution protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  DHCP Protection Violation.
Attack Information:  Sun Solaris DHCP Client Arbitrary Code Execution

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.