The Internet Systems Consortium (ISC) has fixed a flaw in its Dynamic Host Configuration Protocol (DHCP) software with which a remote attacker could crash DHCP clients, servers, and relays.
DHCP lets a device request and receive an IP address (and related network settings) from a local server. The protocol is one of the Internet's cornerstones: modern network-connected equipment relies on it to join a network automatically instead of having an IP address set by hand in each device's configuration.
Devices that need network connectivity get DHCP support from a software package, and one of the most widely deployed implementations is ISC's DHCP.
Security researchers at Sophos discovered a flaw affecting all versions of the ISC DHCP package released before the fix: a malformed network packet whose IPv4 UDP length field is invalid causes the receiving process to terminate, resulting in a denial of service (DoS).
All DHCP servers, clients, and relays are affected, except those configured to work only in unicast mode. Although most DHCP traffic after the initial exchange is unicast, the initial DHCPv4 client-server negotiation (DISCOVER and OFFER) is carried in broadcast messages, so very few machines (only in special network configurations) are set up to work solely in unicast mode. Nearly all deployments are therefore susceptible.
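The defect class described above is a receiver trusting a UDP length field that disagrees with the enclosing IPv4 header. The following is an added example, not code from the article or from ISC's DHCP, showing the consistency checks a program that reads raw IPv4/UDP frames should apply before using the length to index into the payload; the packets it builds are constructed inline for the demonstration, and the 8-byte "DHCP" payload is only the BOOTP header prefix (op, htype, hlen, hops, xid), not a full DHCP message.

```python
import struct

IPPROTO_UDP = 17
DHCP_SERVER_PORT = 67
DHCP_CLIENT_PORT = 68

# Constructed sample payload: first 8 bytes of a BOOTP/DHCP request
# (op=1 BOOTREQUEST, htype=1 Ethernet, hlen=6, hops=0, xid=0x3903f326).
DHCP_PAYLOAD = b"\x01\x01\x06\x00\x39\x03\xf3\x26"


def build_ipv4_udp(payload, sport, dport, udp_len=None):
    """Assemble a minimal IPv4/UDP datagram (no checksums, broadcast dst).

    udp_len overrides the UDP length field so that a deliberately
    inconsistent packet can be produced for testing the checker.
    """
    if udp_len is None:
        udp_len = 8 + len(payload)
    udp_hdr = struct.pack("!HHHH", sport, dport, udp_len, 0)
    total_len = 20 + 8 + len(payload)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, IPPROTO_UDP, 0,
        bytes([0, 0, 0, 0]), bytes([255, 255, 255, 255]),
    )
    return ip_hdr + udp_hdr + payload


def check_ipv4_udp(pkt):
    """Validate header lengths of an IPv4/UDP frame before trusting them.

    Returns (ok, problems, payload). payload is only non-empty when every
    check passed, so callers never slice with an unverified length.
    """
    problems = []
    if len(pkt) < 20:
        return False, ["frame shorter than a minimal IPv4 header"], b""
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    if version != 4:
        problems.append("IP version %d, expected 4" % version)
    if ihl < 20:
        problems.append("IHL %d below minimum header size" % ihl)
    if proto != IPPROTO_UDP:
        problems.append("protocol %d, expected UDP" % proto)
    if total_len > len(pkt):
        problems.append("IP total length %d exceeds captured %d bytes"
                        % (total_len, len(pkt)))
    if problems:
        return False, problems, b""
    if total_len < ihl + 8:
        return False, ["IP total length %d leaves no room for a UDP header"
                       % total_len], b""
    sport, dport, udp_len, _csum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    expected = total_len - ihl
    if udp_len < 8:
        problems.append("UDP length %d below the 8-byte header" % udp_len)
    elif udp_len != expected:
        problems.append("UDP length %d disagrees with IP total length (expected %d)"
                        % (udp_len, expected))
    if problems:
        return False, problems, b""
    return True, [], pkt[ihl + 8:ihl + udp_len]


if __name__ == "__main__":
    good = build_ipv4_udp(DHCP_PAYLOAD, DHCP_CLIENT_PORT, DHCP_SERVER_PORT)
    oversized = build_ipv4_udp(DHCP_PAYLOAD, DHCP_CLIENT_PORT, DHCP_SERVER_PORT, udp_len=0xFFFF)
    undersized = build_ipv4_udp(DHCP_PAYLOAD, DHCP_CLIENT_PORT, DHCP_SERVER_PORT, udp_len=3)
    for name, pkt in (("good", good), ("oversized", oversized), ("undersized", undersized), ("truncated", good[:30])):
        ok, problems, payload = check_ipv4_udp(pkt)
        print(name, "ok" if ok else "rejected", problems, payload.hex())
```

A checker like this belongs at the point where the raw frame is handed to the protocol parser; once the UDP length is known to match the IPv4 total length and the captured size, the payload slice can be passed to the DHCP message decoder without further length arithmetic.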
Crashing a DHCP client can cut a machine off from its network; crashing the server can leave every host on the LAN unable to obtain or renew a lease, and either outcome can be a building block in a larger attack.
ISC said there is no workaround for these attacks; the only protection is to update to the most recent version of the DHCP package.
To fix this issue, ISC released versions 4.1-ESV-R12-P1 and 4.3.3-P1 of its DHCP package.