Monday, May 20, 2024

CERT Warns Of DHCP Threat

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The CERT Coordination Center is warning of a vulnerability in Dynamic Host Configuration Protocol (DHCP) servers that could enable an intruder to gain root access to the servers.

Originally issued on May 8 and updated on Tuesday, the warning says the vulnerability affects DHCP servers, or daemons, supplied by the Internet Software Consortium, a non-profit provider of open-source software. DHCP is used to dynamically assign IP addresses to users as they connect to a network.

CERT/CC says the vulnerability relates to Versions 3 to 3.0.1 rc8 of the server, specifically to the NSUPDATE option that is enabled by default. After processing a DHCP request, NSUPDATE allows the DHCP server to send information about the host to the DNS server. The DNS server then replies with an acknowledgement message, which is logged by the DHCP server.

The vulnerability exists in the code that performs that logging function, CERT/CC says. Hackers who know how to exploit it may be able to gain root access privileges to the DHCP server, enabling them to execute code.

As for how to fix the vulnerability, the ISC has issued a patch, which is included in the CERT/CC advisory, available here.

CERT/CC also says any users who don’t need DHCP should simply disable the function, as they should for any services they don’t require. Using ingress filtering to block access to the DHCP servers at the network perimeter may provide a temporary fix, CERT/CC says.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles