Several potentially serious security flaws exist in the Internet
Software Consortium's (ISC) Dynamic Host Configuration Protocol
(DHCP) software.

In an internal audit, ISC discovered multiple buffer overflow flaws
in versions 3.0 through 3.0.1RC10 of its DHCP product, according to
the CERT Coordination Center (CERT/CC).

The flaws lie in a feature of ISC's DHCP product that allows the
DHCP server to update a Domain Name System (DNS) server
automatically. An attacker could take over an affected system by
sending a DHCP message containing a large host name.
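
As an added illustration (not ISC's code and not taken from the CERT advisory), the C example below shows the kind of bounds check that keeps an oversized DHCP host name (option 12) from overrunning a fixed-size buffer before it reaches DNS update logic. The function names, return codes and sample option bytes are assumptions constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { OPT_PAD = 0, OPT_HOSTNAME = 12, OPT_END = 255 };
enum { HN_OK = 0, HN_ABSENT = -1, HN_TRUNCATED = -2, HN_TOO_LONG = -3, HN_BAD_NAME = -4 };
/* Constructed option buffers (not captured traffic): code, length, data, end marker. */
const uint8_t SAMPLE_OK[]    = "\x0c\x05" "host1" "\xff";
const uint8_t SAMPLE_LONG[]  = "\x0c\x28" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "\xff";
const uint8_t SAMPLE_TRUNC[] = "\x0c\x40" "short";   /* claims 64 bytes, carries 5 */

/* Accept only letters, digits, '-' and '.', with DNS labels of 1..63 bytes. */
static int name_is_sane(const uint8_t *p, size_t n)
{
    size_t label = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i] == '.') {
            if (label == 0) return 0;              /* empty label */
            label = 0;
        } else if (!(isalnum(p[i]) || p[i] == '-') || ++label > 63) {
            return 0;
        }
    }
    return n > 0;
}

/* Walk the DHCP options (code, length, data) and copy option 12 into out. */
int dhcp_copy_hostname(const uint8_t *opts, size_t len, char *out, size_t outsz)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;             /* pad has no length byte */
        if (code == OPT_END) break;
        if (i >= len) return HN_TRUNCATED;         /* length byte missing */
        size_t olen = opts[i++];
        if (olen > len - i) return HN_TRUNCATED;   /* data runs past the buffer */
        if (code == OPT_HOSTNAME) {
            if (olen >= outsz) return HN_TOO_LONG; /* checked before any copy */
            if (!name_is_sane(opts + i, olen)) return HN_BAD_NAME;
            memcpy(out, opts + i, olen);
            out[olen] = '\0';
            return HN_OK;
        }
        i += olen;
    }
    return HN_ABSENT;
}
```
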
The ISC DHCP software ships as part of products from Red Hat and
SuSE Linux, but the vulnerability status of many other vendors is
still unknown. Red Hat already has a patch available, while SuSE is
working on a software update.

DHCP software is used to assign users Internet Protocol (IP)
addresses automatically when they sign on to a network. Typically a
DHCP server is not accessible externally, limiting the threat of
attacks.

ISC, which also provides the widely used BIND (Berkeley Internet
Name Domain) DNS software, has released an update fixing the DHCP
flaws. CERT maintains a list of suppliers whose software could
contain the ISC software and may also be vulnerable.

The CERT advisory is at:
www.cert.org/advisories/CA-2003-01.html