Bugzilla – Bug 961305
VUL-0: CVE-2015-8605: dhcp: UDP payload length not properly checked enabling DoS
Last modified: 2016-02-29 22:13:39 UTC
Created attachment 661289
Patches

UDP payload length not properly checked

CVE: CVE-2015-8605
Document Version: 1.0
Posting date: 12 January 2016
Program Impacted: DHCP
Versions affected: 4.0.x, 4.1.x, 4.2.x, 4.1-ESV -> 4.1-ESV-R12, 4.3.0->4.3.3. 3.x may also be affected but has not been tested.
Severity: Medium
Exploitable: From adjacent networks

Description: A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally.

Impact: Nearly all IPv4 DHCP clients and relays, and most IPv4 DHCP servers are potentially affected. A server, client, or relay that is built to only be able to process unicast packets (i.e. those that have already been processed by the OS UDP/IP stack) is not affected; however, this build configuration is not normally viable for clients and relays. Servers with this build configuration require a relay in order to be able to process DISCOVER and other broadcast requests from clients. Not all potentially-affected builds will actually be affected, but because it is difficult to identify or predict those which should be upgraded, our advice is that all builds should be considered vulnerable.

CVSS Score: 5.7
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:A/AC:M/Au:N/C:N/I:N/A:C)

Workarounds: None likely, but in some environments following the advice from https://kb.isc.org/article/AA-00573 can substantially reduce the risk by limiting the exposure of a DHCP server to "controlled" networks and clients.

Active exploits: No known active exploits.

Solution: Upgrade to the patched release most closely related to your current version of DHCP. These can all be downloaded from http://www.isc.org/downloads .
DHCP version 4.1-ESV-R13 ftp://ftp.isc.org/isc/dhcp/private/5f57484a98dd14c4
DHCP version 4.3.3-P1 ftp://ftp.isc.org/isc/dhcp/private/60f330a69566c52d

Acknowledgements: Thanks to Sebastian Poehn from Sophos for reporting this issue.

CRD: 2016-01-12 12:00 PST
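As an added illustration of the class of check this advisory concerns (example code written here, not ISC's dhcp source): a receiver that takes raw IPv4/UDP frames, as DHCP servers, clients and relays built for broadcast reception do, has to verify the UDP length field against the IP header and the captured length itself, because the OS UDP/IP stack has not done it. The packet bytes below are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Example check (not ISC dhcp source): a raw-socket DHCP receiver must validate
 * the UDP length field itself, since the OS UDP/IP stack has not done so. */
#define IPV4_MIN_HDR 20
#define UDP_HDR_LEN  8
/* Returns the UDP payload length (>= 0) or -1 if the packet is malformed. */
int udp_payload_len(const uint8_t *buf, size_t caplen)
{
    if (buf == NULL || caplen < IPV4_MIN_HDR || (buf[0] >> 4) != 4)
        return -1;                                   /* not an IPv4 packet */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;        /* IP header length in bytes */
    if (ihl < IPV4_MIN_HDR || ihl > caplen)
        return -1;
    size_t ip_total = ((size_t)buf[2] << 8) | buf[3];
    /* IP total length must cover both headers and must fit the captured bytes */
    if (ip_total < ihl + UDP_HDR_LEN || ip_total > caplen)
        return -1;
    if (buf[9] != 17)                                /* IP protocol must be UDP */
        return -1;
    const uint8_t *udp = buf + ihl;
    size_t udp_len = ((size_t)udp[4] << 8) | udp[5];
    /* The check the advisory is about: the UDP length field must be at least
     * the UDP header size and must not exceed the IP payload that carries it. */
    if (udp_len < UDP_HDR_LEN || udp_len > ip_total - ihl)
        return -1;
    return (int)(udp_len - UDP_HDR_LEN);
}

/* Constructed sample: 20-byte IPv4 header (total length 32, proto 17) followed by
 * an 8-byte UDP header (ports 68 -> 67, UDP length 12) and 4 payload bytes. */
static const uint8_t sample[32] = {
    0x45, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0xff,
    0x00, 0x44, 0x00, 0x43, 0x00, 0x0c, 0x00, 0x00,
    0xde, 0xad, 0xbe, 0xef
};

int check_well_formed(void) { return udp_payload_len(sample, sizeof sample); }
/* Same packet with the UDP length field overwritten; inconsistent values must be rejected. */
int check_udp_len(uint16_t len_field)
{
    uint8_t p[sizeof sample];
    memcpy(p, sample, sizeof sample);
    p[24] = (uint8_t)(len_field >> 8);
    p[25] = (uint8_t)(len_field & 0xff);
    return udp_payload_len(p, sizeof p);
}
```

A UDP length larger than the IP payload or smaller than the UDP header is rejected before any code reads beyond the bytes actually received.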
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Jan. 25, 2016". When done, reassign the bug to "security-team@suse.de". /update/121249/.
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Jan. 25, 2016". When done, reassign the bug to "security-team@suse.de". /update/62423/.
bugbot adjusting priority
public http://seclists.org/oss-sec/2016/q1/82
This is an autogenerated message for OBS integration: This bug (961305) was mentioned in https://build.opensuse.org/request/show/356097 Factory / dhcp
SUSE-SU-2016:0481-1: An update that solves one vulnerability and has 6 fixes is now available.
Category: security (moderate)
Bug References: 880984,919959,926159,928390,936923,947780,961305
CVE References: CVE-2015-8605
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Server 11-SP4 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Server 11-SP3 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Desktop 11-SP4 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Desktop 11-SP3 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): dhcp-4.2.4.P2-0.24.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): dhcp-4.2.4.P2-0.24.1
This is an autogenerated message for OBS integration: This bug (961305) was mentioned in
https://build.opensuse.org/request/show/360124 42.1 / dhcp
https://build.opensuse.org/request/show/360132 13.2 / dhcp
released
SUSE-SU-2016:0540-1: An update that solves one vulnerability and has 11 fixes is now available.
Category: security (moderate)
Bug References: 880984,891961,910686,912098,919959,926159,928390,936923,947780,956159,960506,961305
CVE References: CVE-2015-8605
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): dhcp-4.2.6-14.3.1
SUSE Linux Enterprise Server 12 (src): dhcp-4.2.6-14.3.1
SUSE Linux Enterprise Desktop 12 (src): dhcp-4.2.6-14.3.1
SUSE-SU-2016:0541-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 880984,936923,956159,960506,961305
CVE References: CVE-2015-8605
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): dhcp-4.3.3-4.1
SUSE Linux Enterprise Server 12-SP1 (src): dhcp-4.3.3-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src): dhcp-4.3.3-4.1
openSUSE-SU-2016:0601-1: An update that solves one vulnerability and has 10 fixes is now available.
Category: security (moderate)
Bug References: 880984,910686,912098,919959,926159,928390,936923,947780,956159,960506,961305
CVE References: CVE-2015-8605
Sources used:
openSUSE 13.2 (src): dhcp-4.2.6-9.16.1
openSUSE-SU-2016:0610-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 880984,936923,956159,960506,961305
CVE References: CVE-2015-8605
Sources used:
openSUSE Leap 42.1 (src): dhcp-4.3.3-4.1