ISC DHCPD NSUPDATE minires library remote buffer overflow vulnerability

Vulnerability details

Vulnerability summary

DHCPD is the ISC Dynamic Host Configuration Protocol server; it hands out network configuration data to hosts over TCP/IP networks.
The minires library bundled with DHCPD performs no proper bounds check when it handles host names. A remote attacker can exploit this to cause a buffer overflow and may be able to execute arbitrary code on the system with root privileges.
ISC DHCPD can also update DNS servers dynamically with the names and addresses it leases; this dynamic DNS update support is implemented through the NSUPDATE feature.
During an internal source code audit, ISC developers found multiple vulnerabilities in the minires library, which NSUPDATE uses to parse host names. The flaws stem from missing checks on the length of the host name. Because a DHCP server accepts messages from unauthenticated clients, an attacker on the network can send a DHCP message containing an over-long host name value to trigger a stack-based buffer overflow; a carefully constructed message may allow arbitrary code execution with root privileges. ISC DHCPD versions 3.0 through 3.0.1rc10 are affected; the fix shipped in 3.0.1rc11.
Although minires was derived from the BIND 8 resolver library, these vulnerabilities are not present in any current BIND release.
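
As an added illustration (not ISC's code and not the minires source itself), the following C example reconstructs the shape of the bug described above: a server takes the client's Host Name option (DHCP option 12, whose one-byte length field lets a client send up to 255 bytes), joins it with the domain to form the name it will use in a DNS update, and writes it into a fixed stack buffer without checking the length. The function and buffer names, sizes and the sample option bytes are constructed for this example; the hardened variant shows the checks a fix needs (label length, total name length, output buffer size, allowed characters).

```c
/* Added example (not ISC code): how an unchecked client host name from
 * DHCP option 12 can overflow a fixed stack buffer when it is joined with
 * the domain to form the FQDN used for a DNS update, and a bounds-checked
 * replacement. Names, sizes and the sample packets are constructed for
 * illustration; they are not copied from minires. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_HOST_NAME 12   /* DHCP option code "Host Name" (RFC 2132) */
#define OPT_END 255
#define DNAME_MAX 253      /* max length of a presentation-format DNS name */
#define LABEL_MAX 63       /* max length of one DNS label */

/* Extract option `code` from a DHCP options field (the bytes after the
 * magic cookie). Returns the option length and sets *val, or -1 if the
 * option is absent or the field is malformed. The length octet is
 * attacker-controlled: a client may legally send up to 255 bytes. */
int dhcp_find_option(const uint8_t *opts, size_t n, uint8_t code, const uint8_t **val)
{
    size_t i = 0;
    while (i < n) {
        uint8_t c = opts[i++];
        if (c == OPT_END) break;
        if (c == 0) continue;              /* pad octet */
        if (i >= n) return -1;             /* truncated: no length octet */
        uint8_t len = opts[i++];
        if (len > n - i) return -1;        /* truncated option body */
        if (c == code) { *val = opts + i; return len; }
        i += len;
    }
    return -1;
}

/* VULNERABLE pattern: the host name length is never compared with the
 * buffer. A 200-byte option 12 plus the domain overruns `fqdn` on the
 * stack. Kept only to show the shape of the bug; never call it with
 * untrusted input. */
void build_fqdn_unchecked(const uint8_t *host, int hostlen, const char *domain, char *out)
{
    char fqdn[64];
    memcpy(fqdn, host, (size_t)hostlen); /* no check of hostlen against 64 */
    fqdn[hostlen] = '.';
    strcpy(fqdn + hostlen + 1, domain);  /* second unchecked write */
    strcpy(out, fqdn);
}

/* Hardened version: every write is bounded, and the host name must be a
 * syntactically valid single label (letters, digits, '-'; 1..63 bytes).
 * Returns 0 on success, -1 if the name is rejected. */
int build_fqdn_checked(const uint8_t *host, int hostlen, const char *domain,
                       char *out, size_t outsz)
{
    if (hostlen < 1 || hostlen > LABEL_MAX) return -1;
    for (int i = 0; i < hostlen; i++) {
        uint8_t ch = host[i];
        int ok = (ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') ||
                 (ch >= '0' && ch <= '9') || ch == '-';
        if (!ok) return -1;
    }
    size_t dlen = strlen(domain);
    size_t total = (size_t)hostlen + 1 + dlen;
    if (total > DNAME_MAX || total + 1 > outsz) return -1;
    memcpy(out, host, (size_t)hostlen);
    out[hostlen] = '.';
    memcpy(out + hostlen + 1, domain, dlen + 1); /* includes the NUL */
    return 0;
}

/* Constructed sample option fields (not captured traffic):
 * a benign DHCPREQUEST with host name "host1", and one carrying a
 * 200-byte host name of 'A's. */
static const uint8_t sample_ok[] = { 53, 1, 3, 12, 5, 'h', 'o', 's', 't', '1', 255 };
static uint8_t sample_long[3 + 2 + 200 + 1];

/* Runs the checked builder over both samples. Sets *benign to 0 and
 * *hostile to -1; returns the length the option parser reports for the
 * hostile packet (200), showing that the parser alone does not protect
 * the caller. */
int demo(int *benign, int *hostile)
{
    memset(sample_long, 'A', sizeof sample_long);
    sample_long[0] = 53; sample_long[1] = 1; sample_long[2] = 3;
    sample_long[3] = OPT_HOST_NAME; sample_long[4] = 200;
    sample_long[sizeof sample_long - 1] = OPT_END;

    char fqdn[DNAME_MAX + 1];
    const uint8_t *v;
    int len = dhcp_find_option(sample_ok, sizeof sample_ok, OPT_HOST_NAME, &v);
    *benign = build_fqdn_checked(v, len, "example.net", fqdn, sizeof fqdn);
    len = dhcp_find_option(sample_long, sizeof sample_long, OPT_HOST_NAME, &v);
    *hostile = build_fqdn_checked(v, len, "example.net", fqdn, sizeof fqdn);
    return len;
}

int main(void)
{
    int b, h;
    int len = demo(&b, &h);
    printf("benign=%d hostile=%d hostile_option_len=%d\n", b, h, len);
    return 0;
}
```

The point of the checked variant is that the DHCP option parser is not the place where the bug is fixed: it correctly returns a 200-byte value, because the protocol allows one. The length must be validated at the point where the value is copied into a buffer of known size.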

Advisory

Temporary workarounds:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the risk:

* Disable the NSUPDATE (dynamic DNS update) feature of the ISC DHCP server, so that client-supplied host names are never passed to minires.

* Restrict access to UDP ports 67 and 68 on the DHCP server from untrusted external sources. DHCP clients on the local broadcast domain, and any relay agents, must still reach the server, so filtering narrows the exposure rather than removing it.
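
The first workaround corresponds to one directive in dhcpd.conf. The fragment below is an added example, not text from the advisory or from ISC; the `ddns-update-style` directive and its `none`, `interim` and `ad-hoc` values are the real ISC DHCP 3.x settings.

```conf
# dhcpd.conf fragment (added example). Disables dynamic DNS updates, so the
# NSUPDATE/minires code path is never exercised while the server is unpatched.
ddns-update-style none;

# Either of the following enables updates and should not be left in place
# until the fixed packages are installed:
# ddns-update-style interim;
# ddns-update-style ad-hoc;
```

After changing the directive, restart dhcpd and confirm from its startup log that no DNS update configuration is reported as active.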
Vendor patches:
Conectiva
———
Conectiva has released advisory CLA-2003:562 with updated packages:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562
Debian
——
Debian has released a security advisory (DSA-231-1) and corresponding updated packages:

DSA-231-1: New dhcp3 packages fix arbitrary code execution

Link: http://www.debian.org/security/2003/dsa-231

Patch downloads:

Source archives:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.1.dsc

Size/MD5 checksum: 730 37209f2e8ff29f9d38e4f812183a8321

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.1.diff.gz

Size/MD5 checksum: 23781 d6b2e0bcf1b32d52423202ae5f988cf6

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9.orig.tar.gz

Size/MD5 checksum: 809803 3cc4758e5a59362315393a1874dfcb21

Alpha architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 416508 773f104e93a351675621d4b812dedb0d

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 216042 2a7c64e688ca68bf0b227334ba2d7833

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 106842 9020774e6cdc310a3a3cf2a42ba58d63

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 287082 189f63d99acb438981c10800d7783d44

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 526816 08d076cefd29fa5e0055fda006cac383

ARM architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 386804 842b5eb5de805516022bada7f0094822

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 188558 5dbbd9b9ab025f52024b19627bfbdc72

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 93316 57bfc9321b7d10ae70ec6214d59bcb2f

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 273220 6a99a3da6a633477ae430d92f68f2184

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 484438 677cd67a76fc9814fe2a7c3ca4a1a492

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 375234 eadc1375ff236a3f6fd831340fa23bb2

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 178496 afd9dda61da369a5ff76b15803fd4136

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 82020 6137706b46e9b5d0f8d85bf0188f2050

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 269162 289c850ffa01157b09537ec57bf25d0c

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 465074 fae064fc37dede8a61bf836248e97e34

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 549968 cf516c3021a7a9467d0bd5e8bc5467c4

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 339122 abfcc44debcca325e01b76031536bacd

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 134170 d2683f5f882b01422dab6ee93983c0a5

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 348612 97101d3f841d5509f61664e27158cf23

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 701398 5bc9980f56c7830a04f21bfedb228959

HP Precision architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_hppa.deb

Size/MD5 checksum: 384788 f733a3a7db9c641cff4594212f275984

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_hppa.deb

Size/MD5 checksum: 188118 5928747afeb44dfd8cfd8e02c332068f

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_hppa.deb

Size/MD5 checksum: 92962 2044c3e40799aeb2d328b6084d611016

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2

Source: US-CERT Vulnerability Note: VU#284857
Name: VU#284857
Link: http://www.kb.cert.org/vuls/id/284857

Source: CERT/CC Advisory: CA-2003-01
Name: CA-2003-01
Link: http://www.cert.org/advisories/CA-2003-01.html

Source: REDHAT
Name: RHSA-2003:011
Link: http://www.redhat.com/support/errata/RHSA-2003-011.html

Source: DEBIAN
Name: DSA-231
Link: http://www.debian.org/security/2003/dsa-231

Source: XF
Name: dhcpd-minires-multiple-bo(11073)
Link: http://xforce.iss.net/xforce/xfdb/11073

Source: SUSE
Name: SuSE-SA:2003:006
Link: http://www.suse.com/de/security/2003_006_dhcp.html

Source: SECTRACK
Name: 1005924
Link: http://www.securitytracker.com/id?1005924

Source: BID
Name: 6627
Link: http://www.securityfocus.com/bid/6627

Source: OPENPKG
Name: OpenPKG-SA-2003.002
Link: http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html

Source: MANDRAKE
Name: MDKSA-2003:007
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2003:007

Source: CIAC
Name: N-031
Link: http://www.ciac.org/ciac/bulletins/n-031.shtml

Source: CONECTIVA
Name: CLA-2003:562
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562

Source: BUGTRAQ
Name: 20030122 [securityslackware.com: [slackware-security] New DHCP packages available]
Link: http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html
