The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.
There are multiple remote buffer overflow vulnerabilities in the ISC implementation of DHCP. As described in RFC 2131, "the Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." In addition to supplying hosts with network configuration data, ISC DHCPD allows the DHCP server to dynamically update a DNS server, obviating the need for manual updates to the name server configuration. Support for dynamic DNS updates is provided by the NSUPDATE feature.
Remote attackers may be able to execute arbitrary code with the privileges of the user running ISC DHCPD.
Upgrade or apply a patch
Disable dynamic DNS updates (NSUPDATE)
Block external access to DHCP server ports
Red Hat Inc.
Apple Computer Inc.
Cisco Systems Inc.
Sun Microsystems Inc.
Guardian Digital Inc.
Multi-Tech Systems Inc.
Redback Networks Inc.
The SCO Group (SCO Linux)
The SCO Group (SCO UnixWare)
Wind River Systems Inc.
The CERT Coordination Center thanks David Hankins of the Internet Software Consortium for notifying us about this problem and for helping us to construct this document. We also thank Jacques A. Vidrine for drawing attention to this issue.
This document was written by Jeffrey P. Lanza.