DHCP Client Service Bug in MS Windows

  1. #1
    King Tutorial-ankhamun

    Anybody else seen this yet?

    http://www.microsoft.com/technet/sec.../MS06-036.mspx

    The short of it is this:

    There is a remote code execution vulnerability in the DHCP Client service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

  2. #2
    AOs Resident Troll
    Thanks for the heads up...no I hadn't seen that yet

    Mitigating Factors for Buffer Overrun in DHCP Client service Vulnerability - CVE-2006-2372:
    For an attack to be successful the attacker must send the affected host a specially crafted DHCP response communication from the same network subnet.
    so if you're behind a firewall...you should be safe from external threats???

    MLF

    edit...funny how 98\ME are not affected by this??

    also the work around is to use a STATIC IP....yeap...I bet ya the ISPs are gonna do that
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    King Tutorial-ankhamun
    My understanding is that the attacker has to be on your local LAN, but with some spoofing and if the firewall does not block traffic to internal IPs from the WAN side then I imagine an off-site attack is possible.

  4. #4
    AOs Resident Troll
    Earlier today I was talking about how 98 is less vulnerable to some of the new threats

    http://www.antionline.com/showthread...974#post907666

    Funny how that is....

    I agree it needs to be patched.....I am just glad I don't have to run around tonight to do it.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    BANNED
    Could it be that 98 isn't affected because it uses FAT32 instead of NTFS? Just an uneducated guess that I thought one of you would have an answer to.
    When death sleeps it dreams of you...

  6. #6
    King Tutorial-ankhamun
    Nope, I doubt the file system has anything to do with it. WinNT and Win9x based systems are very different when it comes to services; looks like only the NT branch has the issue.

  7. #7
    AOs Resident Troll
    I don't think it's the file system either....

    what they did change is the way tcpip and dhcp function....and interact with the OS.

    I remember networking in 98 wasn't enabled by default...and any change you had to reboot continually to configure...and if by chance you lost your connection...you had to reboot because 98 wasn't smart enough to find its connection again....

    I think it all has to do with the auto detect\reconnect feature...

    MHO as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Senior Member
    Hey Hey,

    It definitely has nothing to do with file systems.... WinXP and 2K can use FAT32 instead of NTFS... (many systems come configured with the primary hard drive as FAT32 even still)..

    It has to do with the implementation of the way that these NT based systems perform a DHCP request..... There are plenty of unchecked buffers and boundary type errors in existence... it's just a matter of finding them..

    With DHCP it's a matter of the way things are done... You boot your DHCP Enabled PC.... The software sends out a DHCPDISCOVER... The DHCP Server responds with a DHCPOFFER... This contains things like a valid IP Address from the pool, the gateway, the dns servers, the subnet mask... etc... If the client software is happy with this it sends back a DHCPREQUEST confirming that it will use that data.... This is also a way to inform multiple servers that might respond which of the offers it's going to use... and the server sends back a DHCPACK. For great DHCP Information you can check out http://www.borella.net/mike/MITP432/08%20dhcp.pdf

    A way to mitigate this would be to implement RFC 3118 compliant DHCP servers/clients which allow for authentication....

    My guess for this one is that it's simply an overflow somewhere in the DHCPOFFER packet... It would make sense... to set the IP and data received you'd need rights higher than a regular user... or very specific and customized rights (which don't really exist in the windows world all that often)...

    I wouldn't consider it as serious a problem as it could be... It would have to be a local attack... It's not an external threat for companies... although insider threats can be bad, I know... but there are worse internal threats than this.... For the home user on DSL most of that is PPPoE which would be very difficult to interfere with... For Cable... most users are behind routers these days... that will mitigate the threat... and even if it didn't I'd assume that DHCP is one of the things that these companies filter to prevent rogue DHCP servers....

    All in all it is pretty interesting though.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
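The DISCOVER/OFFER/REQUEST/ACK exchange described in the post above, plus the kind of length checking a client has to do on every option it reads from a DHCPOFFER, as an added example that is not part of the original thread and not the Windows DHCP Client code. It builds the four messages in the RFC 2131 wire layout (fixed header, magic cookie, TLV options), parses the options back with strict bounds checks, and shows a constructed OFFER whose option claims more bytes than the packet holds being rejected rather than read past the buffer. The addresses, transaction id and option set are constructed sample values.

```python
"""
DHCPv4 builder/parser with strict option bounds checking (constructed example).
Layout follows RFC 2131: 236-byte fixed header, 4-byte magic cookie,
then TLV options terminated by END (255).
"""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 53, 54, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5          # option 53 values
BOOTREQUEST, BOOTREPLY = 1, 2                       # 'op' header field
FIXED_LEN = {OPT_SUBNET_MASK: 4, OPT_MSG_TYPE: 1, OPT_SERVER_ID: 4, OPT_REQUESTED_IP: 4}
ADDR_LIST = {OPT_ROUTER, OPT_DNS}                   # one or more 4-byte addresses


class MalformedDHCP(ValueError):
    """Raised instead of reading outside the received packet."""


def build_message(op, xid, yiaddr, options):
    """Serialise a DHCP message; options is a list of (code, value_bytes)."""
    # op htype hlen hops xid secs flags, then ciaddr yiaddr siaddr giaddr (4 bytes each)
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    hdr += b"\x00" * 4 + bytes(yiaddr) + b"\x00" * 8
    hdr += b"\x00" * 16          # chaddr (client MAC, zeroed in this constructed example)
    hdr += b"\x00" * 64 + b"\x00" * 128   # sname, file
    body = MAGIC_COOKIE
    for code, val in options:
        body += bytes([code, len(val)]) + val
    return hdr + body + bytes([OPT_END])


def parse_options(packet):
    """Return {code: value}; every option length is checked before it is used."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise MalformedDHCP("short header or missing magic cookie")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return opts
        if i + 1 >= len(packet):
            raise MalformedDHCP("option %d has no length byte" % code)
        length = packet[i + 1]
        start, end = i + 2, i + 2 + length
        if end > len(packet):                      # the classic overrun case
            raise MalformedDHCP("option %d length %d runs past end of packet" % (code, length))
        if code in FIXED_LEN and length != FIXED_LEN[code]:
            raise MalformedDHCP("option %d has bad length %d" % (code, length))
        if code in ADDR_LIST and (length == 0 or length % 4):
            raise MalformedDHCP("option %d is not a list of IPv4 addresses" % code)
        opts[code] = packet[start:end]
        i = end
    raise MalformedDHCP("no END option")


def offer_is_accepted(packet):
    """True only if every option parses within bounds."""
    try:
        parse_options(packet)
        return True
    except MalformedDHCP:
        return False


def run_exchange(offered_ip=(192, 168, 1, 50), server_id=(192, 168, 1, 1)):
    """Walk DISCOVER -> OFFER -> REQUEST -> ACK and return the message types seen."""
    xid = 0x3903F326                                 # constructed transaction id
    discover = build_message(BOOTREQUEST, xid, (0, 0, 0, 0),
                             [(OPT_MSG_TYPE, bytes([DISCOVER]))])
    offer = build_message(BOOTREPLY, xid, offered_ip, [
        (OPT_MSG_TYPE, bytes([OFFER])),
        (OPT_SUBNET_MASK, bytes([255, 255, 255, 0])),
        (OPT_ROUTER, bytes(server_id)),
        (OPT_DNS, bytes(server_id)),
        (OPT_SERVER_ID, bytes(server_id))])
    chosen = parse_options(offer)                    # client validates before it commits
    request = build_message(BOOTREQUEST, xid, (0, 0, 0, 0), [
        (OPT_MSG_TYPE, bytes([REQUEST])),
        (OPT_REQUESTED_IP, bytes(offered_ip)),
        (OPT_SERVER_ID, chosen[OPT_SERVER_ID])])     # tells other servers which offer won
    ack = build_message(BOOTREPLY, xid, offered_ip, [
        (OPT_MSG_TYPE, bytes([ACK])), (OPT_SERVER_ID, bytes(server_id))])
    return [parse_options(m)[OPT_MSG_TYPE][0] for m in (discover, offer, request, ack)]


def malformed_offer():
    """Constructed OFFER whose subnet-mask option claims 200 bytes but carries 4."""
    good = build_message(BOOTREPLY, 0x3903F326, (192, 168, 1, 50), [])
    header = good[:240]                              # header + cookie, no options yet
    return header + bytes([OPT_SUBNET_MASK, 200]) + b"\xff\xff\xff\x00" + bytes([OPT_END])


if __name__ == "__main__":
    print("exchange message types:", run_exchange())          # [1, 2, 3, 5]
    print("malformed offer accepted:", offer_is_accepted(malformed_offer()))  # False
```

The parser refuses the offer as soon as a declared option length would run past the received bytes, which is the boundary check the post says is missing from an unchecked buffer; a client that copies the option value first and checks afterwards is the shape of bug MS06-036 describes.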
