ISC fixes DoS issue with DHCP software packages

Jan 13, 2016 22:05 GMT  ·  By

ISC, the Internet Systems Consortium, has fixed a flaw in its DHCP software that allowed an attacker to crash DHCP clients, servers, and relays with a single malformed packet.

DHCP (Dynamic Host Configuration Protocol) lets a device request and receive an IP address, together with settings such as its default gateway and DNS servers, from a server on the local network. The protocol is one of the Internet's cornerstones and is crucial for modern Internet-connected equipment, which can join a network without an address having to be configured by hand on each device.

Devices that need Internet connectivity support the protocol through dedicated software, and one of the most widely deployed implementations is ISC's own DHCP package, which provides the dhcpd server, the dhclient client, and the dhcrelay relay agent.

Security researchers at Sophos recently discovered a flaw affecting all versions of ISC DHCP: the software can be crashed by sending it a malformed packet whose IPv4 UDP length field does not agree with the actual length of the packet.

Malicious UDP packets can crash DHCP servers and clients

All DHCP servers, clients, and relays are affected, except those configured to work only in unicast mode. Unicast-only operation is rare: although most DHCP traffic after a lease is established is unicast, the initial client-server exchange (the client's discovery and the server's offer) is always broadcast, because the client has no address yet. To receive broadcast traffic, ISC DHCP reads raw frames (through BPF or the Linux packet filter) and parses the IP and UDP headers itself, which is where the bogus length is consumed; in unicast-only mode the kernel's UDP stack does that work instead. Only in special network configurations is a component set up to handle unicast traffic alone, so the vast majority of deployments are exposed.
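The consistency check at the heart of the flaw, as an added example in C and not ISC's own code: a raw IPv4/UDP frame is decoded the way a daemon reading from BPF or a Linux packet socket has to do it, and the attacker-controlled UDP length field is cross-checked against the IP header and the bytes actually received before it is used to size the DHCP payload. The frame builder, the result codes and the function names are the example's own; the packets are constructed inline, one honest and two with a lying UDP length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse results. A robust receiver returns one of these and drops the
 * packet; it never asserts or aborts on attacker-controlled lengths. */
enum {
    PKT_OK = 0,
    PKT_TRUNCATED = 1,   /* buffer shorter than a minimal IPv4 header */
    PKT_BAD_IP_LEN = 2,  /* IHL or total length inconsistent with buffer */
    PKT_NOT_UDP = 3,     /* not IPv4/UDP, not our concern */
    PKT_BAD_UDP_LEN = 4  /* UDP length field disagrees with IP length */
};

enum { IP_HDR_MIN = 20, UDP_HDR_LEN = 8, IPPROTO_UDP_NUM = 17 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Decode IPv4 + UDP headers from a raw capture and locate the DHCP payload.
 * Every length is cross-checked against what was actually received (len)
 * before it is used. */
int decode_ipv4_udp(const uint8_t *buf, size_t len,
                    const uint8_t **payload, size_t *payload_len)
{
    if (len < IP_HDR_MIN) return PKT_TRUNCATED;
    if ((buf[0] >> 4) != 4) return PKT_NOT_UDP;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < IP_HDR_MIN || ihl + UDP_HDR_LEN > len) return PKT_BAD_IP_LEN;
    size_t ip_total = rd16(buf + 2);
    if (ip_total < ihl + UDP_HDR_LEN || ip_total > len) return PKT_BAD_IP_LEN;
    if (buf[9] != IPPROTO_UDP_NUM) return PKT_NOT_UDP;

    const uint8_t *udp = buf + ihl;
    size_t udp_len = rd16(udp + 4);
    /* The check the advisory is about: udp_len comes straight off the wire.
     * Used unchecked to size the payload (udp_len - 8), a lying value gives a
     * huge unsigned or negative signed length, and a later sanity check or
     * out-of-bounds read takes the daemon down. Drop the packet instead. */
    if (udp_len < UDP_HDR_LEN || udp_len > ip_total - ihl) return PKT_BAD_UDP_LEN;

    *payload = udp + UDP_HDR_LEN;
    *payload_len = udp_len - UDP_HDR_LEN;
    return PKT_OK;
}

/* Build a constructed IPv4/UDP frame carrying a dummy DHCP payload. The
 * caller chooses the value written into the UDP length field, so a lying
 * field can be produced. Checksums are left zero; they play no role here. */
size_t build_frame(uint8_t *out, size_t cap, size_t payload_len, uint16_t udp_len_field)
{
    size_t total = IP_HDR_MIN + UDP_HDR_LEN + payload_len;
    if (total > cap) return 0;
    memset(out, 0, total);
    out[0] = 0x45;                     /* IPv4, IHL = 5 (20 bytes) */
    wr16(out + 2, (uint16_t)total);    /* IP total length, honest */
    out[8] = 64;                       /* TTL */
    out[9] = IPPROTO_UDP_NUM;
    memset(out + 16, 0xff, 4);         /* dst 255.255.255.255: broadcast discovery */
    uint8_t *udp = out + IP_HDR_MIN;
    wr16(udp + 0, 68);                 /* bootpc */
    wr16(udp + 2, 67);                 /* bootps */
    wr16(udp + 4, udp_len_field);      /* the field under attacker control */
    udp[UDP_HDR_LEN] = 1;              /* BOOTREQUEST op byte */
    return total;
}

/* Honest frame: UDP length == 8 + payload. Expect PKT_OK. */
int demo_valid(void)
{
    uint8_t frame[512];
    size_t payload_len = 240;
    size_t n = build_frame(frame, sizeof frame, payload_len, (uint16_t)(UDP_HDR_LEN + payload_len));
    const uint8_t *p; size_t plen;
    int rc = decode_ipv4_udp(frame, n, &p, &plen);
    if (rc != PKT_OK) return rc;
    return (plen == payload_len && p[0] == 1) ? PKT_OK : -1;
}

/* Lying frame: UDP length claims 65535 bytes while only 248 follow the IP header. */
int demo_oversized_udp_len(void)
{
    uint8_t frame[512];
    size_t n = build_frame(frame, sizeof frame, 240, 0xffff);
    const uint8_t *p; size_t plen;
    return decode_ipv4_udp(frame, n, &p, &plen);
}

/* Lying the other way: UDP length smaller than the UDP header itself. */
int demo_undersized_udp_len(void)
{
    uint8_t frame[512];
    size_t n = build_frame(frame, sizeof frame, 240, 4);
    const uint8_t *p; size_t plen;
    return decode_ipv4_udp(frame, n, &p, &plen);
}

int main(void)
{
    printf("honest frame:     %d (0 = PKT_OK)\n", demo_valid());
    printf("udp_len = 65535:  %d (4 = PKT_BAD_UDP_LEN)\n", demo_oversized_udp_len());
    printf("udp_len = 4:      %d (4 = PKT_BAD_UDP_LEN)\n", demo_undersized_udp_len());
    return 0;
}
```

The order of the checks matters: the IP header length and total length are validated against the received byte count first, so that by the time the UDP length is examined there is a trustworthy upper bound (ip_total - ihl) to compare it with. A kernel UDP socket performs this same reconciliation before handing data to user space, which is why the unicast-only configurations that avoid raw capture were not exposed.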

Crashing a DHCP client knocks a machine off its network; if the server is targeted, every host on the LAN that needs a new or renewed lease is left without an address, which lends itself to various attack scenarios.

ISC says there is no workaround that avoids these attacks, and that the only way for users to protect themselves is to update to a patched version of the DHCP package.

To fix this issue (CVE-2015-8605), ISC has released versions 4.1-ESV-R12-P1 and 4.3.3-P1 of its DHCP package.