CERT Warns Of DHCP Threat

The CERT Coordination Center is warning of a vulnerability in Dynamic Host Configuration Protocol (DHCP) servers that could enable an intruder to gain root access to the servers.

Originally issued on May 8 and updated on Tuesday, the warning says the vulnerability affects DHCP servers, or daemons, supplied by the Internet Software Consortium, a non-profit provider of open-source software. DHCP is used to dynamically assign IP addresses to users as they connect to a network.

CERT/CC says the vulnerability relates to Versions 3 to 3.0.1 rc8 of the server, specifically to the NSUPDATE option that is enabled by default. After processing a DHCP request, NSUPDATE allows the DHCP server to send information about the host to the DNS server. The DNS server then replies with an acknowledgement message, which is logged by the DHCP server.

The vulnerability exists in the code that performs that logging function, CERT/CC says. Hackers who know how to exploit it may be able to gain root access privileges to the DHCP server, enabling them to execute code.

As for how to fix the vulnerability, the ISC has issued a patch, which is included in the CERT/CC advisory, available here.

CERT/CC also says any users who don’t need DHCP should simply disable the function, as they should for any services they don’t require. Using ingress filtering to block access to the DHCP servers at the network perimeter may provide a temporary fix, CERT/CC says.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020