Vulnerability Note VU#284857
ISC DHCPD minires library contains multiple buffer overflows
The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.
There are multiple remote buffer overflow vulnerabilities in the ISC implementation of DHCP. As described in RFC 2131, "the Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." In addition to supplying hosts with network configuration data, ISC DHCPD allows the DHCP server to dynamically update a DNS server, obviating the need for manual updates to the name server configuration. Support for dynamic DNS updates is provided by the NSUPDATE feature.
Remote attackers may be able to execute arbitrary code with the privileges of the user running ISC DHCPD.
Upgrade or apply a patch
Disable dynamic DNS updates (NSUPDATE)
Block external access to DHCP server ports
bootps 67/udp # Bootstrap Protocol Server
bootpc 68/tcp # Bootstrap Protocol Client
bootpc 68/udp # Bootstrap Protocol Client
As a general rule, the CERT/CC recommends disabling any service or capability that is not explicitly required. Depending on your network configuration, you may not need to use DHCP.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|BSDI||Affected||26 Nov 2002||15 Jan 2003|
|Conectiva||Affected||26 Nov 2002||28 Jan 2003|
|Debian||Affected||26 Nov 2002||20 Jan 2003|
|Gentoo Linux||Affected||17 Jan 2003||20 Jan 2003|
|ISC||Affected||15 Nov 2002||15 Jan 2003|
|MandrakeSoft||Affected||26 Nov 2002||20 Jan 2003|
|OpenPKG||Affected||16 Jan 2003||20 Jan 2003|
|Red Hat Inc.||Affected||26 Nov 2002||15 Jan 2003|
|Slackware||Affected||19 Jan 2003||21 Jan 2003|
|SuSE Inc.||Affected||26 Nov 2002||20 Jan 2003|
|Alcatel||Not Affected||26 Nov 2002||26 Mar 2003|
|Apple Computer Inc.||Not Affected||26 Nov 2002||15 Jan 2003|
|Cisco Systems Inc.||Not Affected||26 Nov 2002||15 Jan 2003|
|Cray Inc.||Not Affected||26 Nov 2002||15 Jan 2003|
|Fujitsu||Not Affected||26 Nov 2002||20 Jan 2003|
CVSS Metrics (Learn More)
The CERT Coordination Center thanks David Hankins of the Internet Software Consortium for notifying us about this problem and for helping us to construct this document. We also thank Jacques A. Vidrine for drawing attention to this issue.
This document was written by Jeffrey P. Lanza.
- CVE IDs: CAN-2003-0026
- CERT Advisory: CA-2003-01
- Date Public: 15 Jan 2003
- Date First Published: 15 Jan 2003
- Date Last Updated: 26 Mar 2003
- Severity Metric: 5.27
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.