DHCP server can take over client
Jul 16, 2009, 08:02 (0 Talkback[s])
"This is the default set-up in Ubuntu, BSD and many other Linux
distributions. According to an ISC advisory, the vulnerability is
based on a buffer overflow that allows attackers to inject
arbitrary code into a system and execute it at root level. The
buffer overflow can be triggered in the script_write_params method
using excessively long server-supplied subnet masks.
"The client-server bundles DHCP 4.1, DHCP 4.0, DHCP 3.1, DHCP
3.0 and DHCP 2.0 are all affected. The vendor has provided update
versions 4.1.0p1, 4.0.1p1 and 3.1.2p1 to close the hole. Updated
packages are already being distributed by the Linux distributors.
Reportedly, no patches are available for DHCP 3.0 and DHCP 2.0, as
the ISC no longer supports these versions."