CERT Warns Of DHCP Threat

The CERT Coordination Center is warning of a vulnerability in Dynamic Host Configuration Protocol (DHCP) servers that could enable an intruder to gain root access to the servers.

Originally issued on May 8 and updated on Tuesday, the warning says the vulnerability affects DHCP servers, or daemons, supplied by the Internet Software Consortium, a non-profit provider of open-source software. DHCP is used to dynamically assign IP addresses to users as they connect to a network.

CERT/CC says the vulnerability relates to Versions 3 to 3.0.1 rc8 of the server, specifically to the NSUPDATE option that is enabled by default. After processing a DHCP request, NSUPDATE allows the DHCP server to send information about the host to the DNS server. The DNS server then replies with an acknowledgement message, which is logged by the DHCP server.

The vulnerability exists in the code that performs that logging function, CERT/CC says. Hackers who know how to exploit it may be able to gain root access privileges to the DHCP server, enabling them to execute code.

As for how to fix the vulnerability, the ISC has issued a patch, which is included in the CERT/CC advisory, available here.

CERT/CC also says any users who don’t need DHCP should simply disable the function, as they should for any services they don’t require. Using ingress filtering to block access to the DHCP servers at the network perimeter may provide a temporary fix, CERT/CC says.