Debians sikkerhedsbulletin
DSA-245-1 dhcp3 -- ignoreret tællergrænse
- Rapporteret den:
- 28. jan 2003
- Berørte pakker:
- dhcp3
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 6628.
I Mitres CVE-ordbog: CVE-2003-0039.
CERTs noter om sårbarheder, bulletiner og hændelser: VU#149953. - Yderligere oplysninger:
-
Florian Lohoff har opdaget en fejl i dhcrelay, der får programmet til at sende en fortløbende pakkestorm mod den eller de opsatte DHCP-servere i forbindelse med ondsindede BOOTP-pakker, som kan sendes fra fejlbehæftede Cisco-switche.
Når DHCP-relay'et modtager en BOOTP-forespørgsel, sender programmet forespørgslen videre til DHCP-serveren ved hjælp af broadcast-MAC-adressen ff:ff:ff:ff:ff:ff, hvilket får netværksgrænsefladen til at spejle pakken tilbage til socket'en. For at forhindre løkker, kontrollerer dhcrelay hvorvidt relay-adressen er dens egen, er det tilfældet bliver pakken smidt væk. Kombinereret med en manglende kontrol af en øvre grænse til hop-tælleren, kan en angriber tvinge DHCP-relay'et til at sende en fortløbende pakkestorm til den eller de opsatte DHCP-servere.
Denne rettelse bibringer et nyt kommandolinieparameter, -c maxcount, og man rådes til at starte DHCP-relay'et med dhcrelay -c 10 eller et mindre nummer, hvilket kun opretter det pågældende antal pakker.
Programmet dhcrelay fra "dhcp"-pakken, lader ikke til at være påvirket, da DHCP-pakker smides væk, hvis de lader til allerede at have været igennem et relay.
I den stabile distribution (woody) er dette problem rettet i version 3.0+3.0.1rc9-2.2.
Den gamle stabile distribution (potato) indeholder ikke dhcp3-pakker.
I den ustabile distribution (sid) er dette problem rettet i version 1.1.2-1.
Vi anbefaler at du opgraderer dine dhcp3-pakker, hvis du bruger dhcrelay-serveren.
- Rettet i:
-
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.2.dsc
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.2.diff.gz
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9.orig.tar.gz
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_m68k.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_m68k.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_m68k.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_m68k.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_m68k.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.