Printable View
Anybody else seen this yet?
http://www.microsoft.com/technet/sec.../MS06-036.mspx
The short of it is this:
Quote:
There is a remote code execution vulnerability in the DHCP Client service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
Thanks for the heads up...no I hadnt seen that yet
so if your behind a firewall...you should be safe from external threats???Quote:
Mitigating Factors for Buffer Overrun in DHCP Client service Vulnerability - CVE-2006-2372:
For an attack to be successful the attacker must send the affected host a specially crafted DHCP response communication from the same network subnet.
MLF
edit...funny how 98\ME are not affected by this??
also the work around is to use a STATIC IP....yeap...I bet ya the ISPs are gonna do that :rolleyes:
My understanding is that the attacker has to be on your local LAN, but with some spoofing and if the Firewall does not block traffic to internal IPs from the WAN side then I imagine and off site attack is possible.
Earlier today I was talking about how 98 is less vulnerable to some of the new threats
http://www.antionline.com/showthread...974#post907666
Funny how that is....
I agree it needs to be patched.....I am just glad I dont have to run around tonite to do it.
:D
MLF
Could it be that 98 isn't affected because it uses FAT32 instead of NTFS? Just an uneducated guess that I thought one of you would have an answer too.
Nope, doubt file system has anything to do with it. WinNT and Win9x based systems are very different when it comes to services, looks like only the NT branch has the issue.
I dont think its the file system either....
what they did change is the way tcpip and dhcp function....and interact with the OS.
I remember networking in 98 wasnt enabled by default...and any change you had to reboot continually to configure...and if by chance you lost you connection...you had to reboot because 98 wasnt smart enough to find its connection again....
I think it all has to do with the auto detect\reconnect feature...
MHO as always
MLF
Hey Hey,
It definately has nothing to do with file systems.... WinXP and 2K Can use FAT32 instead of NTFS... (many systems come configured with the primary hard drive as FAT32 even still)..
It has to do with the implementation of the way that these NT Based systems perform a DHCP Request..... There are plenty of unchecked buffers and boundary type errors in existance... it's just a matter of finding them..
With DHCP it's a matter of the way things are done... You boot your DHCP Enabled PC.... The software sends out a DHCPDISCOVER... The DHCP Server responds with a DHCPOFFER... This contains things like a valid IP Address from the pool, the gateway, the dns servers, the subnet mask... etc... If the client software is happy with this it sends back a DHCPREQUEST confirming that it will use that data.... This is also a way to inform multiple servers that might respond which of the offers it's going to use... and the server sends back a DHCPACK. For great DHCP Information you can check out http://www.borella.net/mike/MITP432/08%20dhcp.pdf
A way to mitigate this would be to implement RFC 3118 compliant DHCP servers/clients which allow for authentication....
My guess for this one is that it's simply an overflow somewhere in the DHCPOFFER packet... It would make sense... to set the IP and data received you'd need rights higher than a regular user... or very specific and customized rights (which don't really exist in the windows world all that often)...
I wouldn't consider it as serious a problem as it could be... It would have to be a local attack... It's not an external threat for companies... although insider threats can be bad, I know... but there are worse internal threats than this.... For the home user on DSL most of that is PPPoE which would be very difficult to interfere with... For Cable... most users are behind routers these days... that will mitigate the threat... and even if it didn't I'd assume that DHCP is one of the things that these companies filter to prevent rogue DHCP servers....
All in all it is pretty interesting though.
Peace,
HT