Debian DSA-245-1 : dhcp3 - ignored counter boundary

medium Nessus Plugin ID 15082

Synopsis

The remote Debian host is missing a security-related update.

Description

Florian Lohoff discovered a bug in the dhcrelay causing it to send a continuing packet storm towards the configured DHCP server(s) in case of a malicious BOOTP packet, such as sent from buggy Cisco switches.

When the dhcp-relay receives a BOOTP request it forwards the request to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff which causes the network interface to reflect the packet back into the socket. To prevent loops the dhcrelay checks whether the relay-address is its own, in which case the packet would be dropped. In combination with a missing upper boundary for the hop counter an attacker can force the dhcp-relay to send a continuing packet storm towards the configured dhcp server(s).

This patch introduces a new command line switch -c maxcount and people are advised to start the dhcp-relay with dhcrelay -c 10or a smaller number, which will only create that many packets.

The dhcrelay program from the 'dhcp' package does not seem to be affected since DHCP packets are dropped if they were apparently relayed already.

Solution

Upgrade the dhcp3 package when you are using the dhcrelay server.

For the stable distribution (woody) this problem has been fixed in version 3.0+3.0.1rc9-2.2.

The old stable distribution (potato) does not contain dhcp3 packages.

See Also

http://www.debian.org/security/2003/dsa-245

Plugin Details

Severity: Medium

ID: 15082

File Name: debian_DSA-245.nasl

Version: 1.22

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:dhcp3

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 1/28/2003

Reference Information

CVE: CVE-2003-0039

BID: 6628

CERT: 149953

DSA: 245