The DHCP server, or daemon, provided by ISC allows administrators to centralise the management and assigning of IP (Internet Protocol) addresses to devices. The ISC's DHCP implementation installs a component called NSUpdate by default that allows the DHCP server to send information about hosts on the network to a DNS (domain name server), CERT/CC said. When the DNS server receives that information, it responds to the DHCP server acknowledging the transaction. When the DHCP server receives the message, it logs the transaction, CERT/CC said.
The vulnerability in the DHCP server comes in the code that logs the communication from the DNS server, CERT/CC said. The bug affects versions 3 to 3.0.1 rc8 of ISC's DHCP implementation, CERT/CC said.
An attacker who successfully exploited the hole would be able to run code with the privileges of the DHCP server, which is often root, CERT/CC's alert said. Root privilege is the highest privilege level and allows a user complete control over a system.
To address the flaw, CERT/CC recommends that users apply vendor-supplied patches, disable the DHCP service if it is not needed or apply the ingress filtering techniques detailed in its alert.
Products from Hewlett-Packard, IBM, Lotus Software Group, Microsoft as well as the NetBSD and FreeBSD operating systems, are not affected, CERT/CC said.
The CERT/Coordination Center is a government-funded security research and development body located at Carnegie Mellon University in Pittsburgh, USA.
More information about the vulnerability can be found in CERT/CC's alert, located at www.cert.org/advisories/CA-2002-12.html