Vigil@nce - ISC DHCP: denial of service via IPv6 Lease Expiration
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send ISC DHCP an IPv6 lease renewal request with
a malicious expiration date in order to stop the service.
Impacted products: Debian, Fedora, ISC DHCP, MES, openSUSE,
Slackware
Severity: 2/4
Creation date: 13/09/2012
DESCRIPTION OF THE VULNERABILITY
The ISC DHCP service provides clients with an IP address that is
valid for the duration of the lease.
A client can request a lease renewal in order to extend it.
However, an IPv6 client can request a lease renewal with a short
duration, so that the new end date is earlier than the previously
obtained end date. In this case, a computation error occurs in
ISC DHCP, and the service stops.
An attacker can therefore send ISC DHCP an IPv6 lease renewal
request with a malicious expiration date in order to stop the service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ISC-DHCP-denial-of-service-via-IPv6-Lease-Expiration-11941