it.ucsf.edu

Security Update: Internet Systems Consortium Releases Security Alert for DHCP Server

Status Type: Security Update
Date and Time: Tuesday, March 8, 2016 - 12:27
Reason: Security Update
Impact: ISC DHCP Administrators

WHAT HAPPENED?
Internet Systems Consortium (ISC) has released a security alert to address a vulnerability in versions of the ISC Dynamic Host Configuration Protocol (DHCP) server.

In many cases, the ISC DHCP server does not effectively limit the number of simultaneous open TCP connections to the ports the server uses for inter-process communications and control. Because of this, a malicious party could interfere with server operation by opening (and never closing) a large number of TCP connections to the server.

Advanced Users: For a complete description of the vulnerability and affected software, refer to ISC’s advisory CVE-2016-2774: An Attacker Who is Allowed to Connect to DHCP Inter-server Communications and Control Channels Can Exhaust Server Resources at https://kb.isc.org/article/AA-01354.


AFFECTED SYSTEMS:

  • ISC DHCP 4.1.0 through 4.1-ESV-R12-P1, 4.2.0 through 4.2.8, and 4.3.0 through 4.3.3-P1.


WHAT'S THE PROBLEM?
By exploiting this vulnerability, an attacker can interfere with DHCP server operation and cause a denial of service.


HOW DO I PROTECT MY COMPUTER?
General Users

  • No action is required.

DHCP Server Administrators

  • ISC will be releasing an update this month (March 2016).
  • In the meantime, review ISC’s advisory CVE-2016-2774: An Attacker Who is Allowed to Connect to DHCP Inter-server Communications and Control Channels Can Exhaust Server Resources at https://kb.isc.org/article/AA-01354 for a workaround that prevents exploitation of the vulnerability.
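
One way for a DHCP server administrator to watch for the condition described above (many TCP connections held open against the server's control channels) while waiting for the update. This is an added example, not from ISC or from the original bulletin; the port numbers 7911 and 647, the per-peer threshold, and the sample `ss` output are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed ports: set these to the omapi-port and failover ports in your dhcpd.conf.
CONTROL_PORTS = {7911, 647}
# States in which the server process still holds a socket (TIME-WAIT does not).
HOLDING_STATES = {"ESTAB", "CLOSE-WAIT"}

# Constructed sample in the column layout of `ss -Htn` (documentation addresses).
SAMPLE_SS = "\n".join([
    "ESTAB      0 0 192.0.2.10:7911      192.0.2.20:51000",
    "ESTAB      0 0 192.0.2.10:647       192.0.2.11:647",
    "ESTAB      0 0 [2001:db8::10]:7911  [2001:db8::99]:41000",
    "ESTAB      0 0 192.0.2.10:22        192.0.2.20:50022",
    "TIME-WAIT  0 0 192.0.2.10:7911      198.51.100.7:40099",
    "CLOSE-WAIT 0 0 192.0.2.10:7911      198.51.100.7:40098",
] + [f"ESTAB      0 0 192.0.2.10:7911      198.51.100.7:{40000 + i}" for i in range(5)])

def split_hostport(addr):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)

def count_control_connections(ss_output, ports=CONTROL_PORTS):
    """Return (connections per control port, connections per (port, peer))."""
    per_port, per_peer = Counter(), Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in HOLDING_STATES:
            continue  # header, LISTEN, TIME-WAIT or malformed line
        try:
            _, local_port = split_hostport(fields[3])
            peer_host, _ = split_hostport(fields[4])
        except ValueError:
            continue
        if local_port in ports:
            per_port[local_port] += 1
            per_peer[(local_port, peer_host)] += 1
    return per_port, per_peer

def find_offenders(ss_output, max_per_peer=3, ports=CONTROL_PORTS):
    """List (port, peer, count) for peers holding more than max_per_peer connections."""
    _, per_peer = count_control_connections(ss_output, ports)
    return sorted((p, h, n) for (p, h), n in per_peer.items() if n > max_per_peer)

if __name__ == "__main__":
    print(find_offenders(SAMPLE_SS))
```

On a live server, pass the output of `ss -Htn` to `find_offenders` in place of the sample and choose a threshold that fits the number of legitimate management and failover peers.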

 
