cnvd - cnvd-2018-06542

cnvd-2018-06542

Vulnerability from cnvd

Title: ISC DHCP缓冲区溢出漏洞

Description:

ISC DHCP是一个实现用于连接到IP网络的动态主机配置协议的开源软件。

ISC DHCP存在缓冲区溢出漏洞。攻击者可通过远程服务器返回特制响应，从而可触发DHCP选项处理发生缓冲区溢出，从而可导致目标dhclient崩溃。

Severity: 高

Patch Name: ISC DHCP缓冲区溢出漏洞的补丁

Patch Description:

ISC DHCP是一个实现用于连接到IP网络的动态主机配置协议的开源软件。

ISC DHCP存在缓冲区溢出漏洞。攻击者可通过远程服务器返回特制响应，从而可触发DHCP选项处理发生缓冲区溢出，从而可导致目标dhclient崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

Reference: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

Impacted products

Name
['ISC DHCP 4.1.0 - 4.1-ESV-R15', 'ISC DHCP 4.2.0 - 4.2.8', 'ISC DHCP 4.3.0 - 4.3.6', 'ISC DHCP 4.4.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-5732"
    }
  },
  "description": "ISC DHCP\u662f\u4e00\u4e2a\u5b9e\u73b0\u7528\u4e8e\u8fde\u63a5\u5230IP\u7f51\u7edc\u7684\u52a8\u6001\u4e3b\u673a\u914d\u7f6e\u534f\u8bae\u7684\u5f00\u6e90\u8f6f\u4ef6\u3002\r\n\r\nISC DHCP\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdc\u7a0b\u670d\u52a1\u5668\u8fd4\u56de\u7279\u5236\u54cd\u5e94\uff0c\u4ece\u800c\u53ef\u89e6\u53d1DHCP\u9009\u9879\u5904\u7406\u53d1\u751f\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u76ee\u6807dhclient\u5d29\u6e83\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.isc.org/article/AA-01565/75/CVE-2018-5732",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06542",
  "openTime": "2018-03-28",
  "patchDescription": "ISC DHCP\u662f\u4e00\u4e2a\u5b9e\u73b0\u7528\u4e8e\u8fde\u63a5\u5230IP\u7f51\u7edc\u7684\u52a8\u6001\u4e3b\u673a\u914d\u7f6e\u534f\u8bae\u7684\u5f00\u6e90\u8f6f\u4ef6\u3002\r\n\r\nISC DHCP\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdc\u7a0b\u670d\u52a1\u5668\u8fd4\u56de\u7279\u5236\u54cd\u5e94\uff0c\u4ece\u800c\u53ef\u89e6\u53d1DHCP\u9009\u9879\u5904\u7406\u53d1\u751f\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u76ee\u6807dhclient\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ISC DHCP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ISC DHCP 4.1.0 - 4.1-ESV-R15",
      "ISC DHCP 4.2.0 - 4.2.8",
      "ISC DHCP 4.3.0 - 4.3.6",
      "ISC DHCP 4.4.0"
    ]
  },
  "referenceLink": "https://kb.isc.org/article/AA-01565/75/CVE-2018-5732",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-01",
  "title": "ISC DHCP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2018-5732 (GCVE-0-2018-5732)

Vulnerability from cvelistv5

Published

2019-10-09 14:17

Modified

2024-09-16 18:19

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.

Summary

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

References

▼	URL	Tags
	https://kb.isc.org/docs/aa-01565	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	ISC DHCP	Version: ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
        }
      ],
      "datePublic": "2018-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T14:17:14",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01565"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e=   DHCP 4.1-ESV-R15-P1\n \u003e=   DHCP 4.3.6-P1\n \u003e=   DHCP 4.4.1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
          "ID": "CVE-2018-5732",
          "STATE": "PUBLIC",
          "TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISC DHCP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "ISC DHCP",
                            "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/aa-01565",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01565"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e=   DHCP 4.1-ESV-R15-P1\n \u003e=   DHCP 4.3.6-P1\n \u003e=   DHCP 4.4.1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5732",
    "datePublished": "2019-10-09T14:17:14.251822Z",
    "dateReserved": "2018-01-17T00:00:00",
    "dateUpdated": "2024-09-16T18:19:36.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted