ISC DHCP Server Denial of Service (June 18, 2010)


The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture and utilizes UDP ports 67 and 68 for communication. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. A typical DHCP transaction looks like:

[ Client ]----- DISCOVER ---->[ Server ]
[ Client ]<------ OFFER ------[ Server ]
[ Client ]----- REQUEST ----->[ Server ]
[ Client ]<------- ACK -------[ Server ]

All DHCP messages consist of a fixed-length header and some variable-length options. Each individual option record has the following format:

Offset  Size  Value
==============================
0000    1     Option code
0001    1     Option length (len)
0002    len   Option data

One of the option records is option 61, the Client Identifier.
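
A defensive parser for the option record layout above, added here as an example (it is not SonicWALL's signature logic or ISC code). It walks the code/length/data records, bounds-checks every length byte, and reports a Client Identifier record shorter than the 2-byte minimum stated in RFC 2132; the function names, the header offset taken from RFC 2131, and the sample byte strings are assumptions constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options (RFC 2131)
HEADER_LEN = 236                      # fixed-length header size (RFC 2131)
OPT_PAD, OPT_END, OPT_CLIENT_ID = 0, 255, 61
CLIENT_ID_MIN_LEN = 2                 # RFC 2132, section 9.14


def options_of(message: bytes) -> bytes:
    """Return the variable-length options that follow the fixed header."""
    start = HEADER_LEN + len(MAGIC_COOKIE)
    if len(message) < start or message[HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: short header or bad magic cookie")
    return message[start:]


def parse_options(options: bytes):
    """Walk the option records; return (records, findings)."""
    records, findings = [], []
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:           # Pad is a single byte with no length
            i += 1
            continue
        if code == OPT_END:           # End terminates the option list
            break
        if i + 1 >= len(options):
            findings.append(f"option {code} at offset {i}: missing length byte")
            break
        length = options[i + 1]
        data = options[i + 2 : i + 2 + length]
        if len(data) < length:        # declared length runs past the buffer
            findings.append(f"option {code} at offset {i}: length {length} overruns buffer")
            break
        if code == OPT_CLIENT_ID and length < CLIENT_ID_MIN_LEN:
            findings.append(f"option 61 at offset {i}: length {length} below RFC minimum")
        records.append((code, data))
        i += 2 + length
    return records, findings


# Constructed samples: option 53 (message type) followed by option 61.
GOOD = bytes([53, 1, 1, 61, 7, 1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 255])
SHORT_ID = bytes([53, 1, 1, 61, 1, 1, 255])               # Client ID too short
TRUNCATED = bytes([53, 1, 1, 61, 7, 1, 0x00, 0x11])       # data cut off

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("SHORT_ID", SHORT_ID), ("TRUNCATED", TRUNCATED)):
        print(name, parse_options(sample))
```
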

A denial of service vulnerability exists in ISC DHCP server, which is the most widely used open source DHCP implementation. Specifically, the vulnerability is due to a design error in the handling of a crafted Client Identifier option record. A remote attacker could exploit this vulnerability by sending a crafted DHCP message to the target server. Successful exploitation would terminate the process and cause a denial of service condition.

The CVE identifier for this vulnerability is CVE-2010-2156.

SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 1079 ISC DHCP Server Client ID DoS