The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture and utilizes UDP ports 67 and 68 for communication. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. A typical DHCP transaction looks like:
[ Client ] |
—– DISCOVER —-> |
[ Server ] |
[ Client ] |
<------ OFFER ------ |
[ Server ] |
[ Client ] |
—– REQUESST —-> |
[ Server ] |
[ Client ] |
<------- ACK ------- |
[ Server ] |
All DHCP messages consist of a fixed-length header and some variable-length options. Each individual option record has the following format:
Offset |
Size |
Value |
====== |
==== |
==================== |
0000 |
1 |
Option code |
0001 |
1 |
Option length (len) |
0002 |
len |
Option data |
One of the option records is option 61, the
Client Identifier.
A denial of service vulnerability exists in ISC DHCP server, which is the most widely used open source DHCP implementation. Specifically, the vulnerability is due to a design error in the handling of crafted
Client Identifier option record. A remote attacker could exploit this vulnerability by sending a crafted DHCP message to the target server. Successful exploitation would terminate the process and cause a denial of service condition.
The CVE identifier for this vulnerability is
CVE-2010-2156.
SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:
- 1079 ISC DHCP Server Client ID DoS
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.