oss-sec mailing list archives
CVE Request -- dhcp: DoS (excessive CPU use) by opening an OMAPI connection
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 06 Apr 2011 19:09:55 +0200
Hello Josh, Steve, vendors, A security flaw was found in the way DHCP (Dynamic Host Configuration Protocol) server processed remote connections when the dhcpd was configured to provide Object Management API (OMAPI) capability. A remote attacker could use this flaw to cause denial of service (excessive CPU use and dhcpd daemon unreachability). References: [1] https://bugzilla.novell.com/show_bug.cgi?id=680298 [2] https://lists.isc.org/pipermail/dhcp-users/2011-February/012780.html [3] https://lists.isc.org/pipermail/dhcp-users/2011-February/012781.html [4] https://bugzilla.redhat.com/show_bug.cgi?id=666441 [5] http://www.mentby.com/Group/dhcp-users/omapi-not-working-in-420.html Note: Though looks as minor / low severity issue, under proper configuration looks to be a way, how to get dhcpd completely unresponsive for further requests. Could you allocate a CVE id for this? (though opened for discussion if this being more to be a bug, than a real security issue). Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- dhcp: DoS (excessive CPU use) by opening an OMAPI connection Jan Lieskovsky (Apr 06)
- Re: CVE Request -- dhcp: DoS (excessive CPU use) by opening an OMAPI connection Jan Lieskovsky (Apr 06)