Vigil@nce: ISC DHCP, denial of service via Client Identifier
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A network attacker can send a malicious DHCP packet, in order to
stop the ISC DHCP server.
– Severity: 2/4
– Creation date: 02/06/2010
DESCRIPTION OF THE VULNERABILITY
The ISC DHCP server implements the DHCP protocol.
The RFC 2131 and 2132 define the Client Identifier DHCP option,
which is used by an administrator to set a name to a DHCP client.
This option is configured by the "dhcp-client-identifier"
directive of the client (or by the DhcpClientIdentifier key on
Windows).
The omapip/hash.c file of ISC DHCP implements a hash table, whose
Client Identifier is the key. However, if the key (Client
Identifier) size is null, an internal error occurs and the ISC
DHCP stops.
A network attacker can therefore send a malicious DHCP packet, in
order to stop the ISC DHCP server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ISC-DHCP-denial-of-service-via-Client-Identifier-9679