The Internet Software Consortium (ISC) has issued an advisory stating it has discovered several buffer overflow vulnerabilities in its implementation of a protocol that automatically assigns IP addresses to client stations logging into TCP/IP networks.
The Dynamic Host Configuration Protocol (DHCP) eliminates the need to manually assign permanent IP addresses and runs in servers and network devices including ISDN routers and modem routers that allow multiple users access to the Internet. The ISC DHCPD allows the DHCP server to dynamically update a domain name server (DNS) eliminating the need for manual updates to the name server configuration.
According to a report from the CERT Coordination Center, the vulnerabilities in the DHCP implementation are common results of malfunctioning software and occur when the amount of data written into one buffer exceeds the size of that buffer and the additional data then is written into other areas. The flaw could allow remote attackers to execute arbitrary code on affected systems, although as of Wednesday no exploits had been reported.
Linux developer Red Hat Inc. distributes a vulnerable version of ISC DHCP in its Red Hat Linux 8.0, although all other versions of Red Hat Linux are not vulnerable to the flaws.
As stated by CERT, the following companies’ products are not susceptible to the buffer overflow vulnerabilities: Apple Computer Inc.; Berkeley Software Design Inc.; Cisco Systems; Cray Inc.; Fujitsu; Hewlett-Packard Co.; Hitachi Ltd.; IBM Corp.; MontaVista Software; NEC Inc.; NetBSD; NetScreen; OpenBSD; Openwall GNU/*/Linux; Riverstone Networks; and Sun Microsystems Inc.
The ISC has issued a patched version of 3.0 available now and a new release candidate for the next bug-fix release. Both can be found at www.isc.org/products/DCHP/.
Red Hat Linux 8.0 users can update systems at http://rhn.redhat.com/errata/RHSA-2003-011.html.