SuSE 11.2 Security Update : dhcp (SAT Patch Number 6606)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This update provides dhcp 4.2.4-p1, which fixes the dhcpv6 server
crashing while accessing the lease on heap and provides the following
additional fixes :

- Security fixes :

- Previously the server code was relaxed to allow packets
with zero length client ids to be processed. Under some
situations use of zero length client ids can cause the
server to go into an infinite loop. As such ids are not
valid according to RFC 2132 section 9.14 the server no
longer accepts them. Client ids with a length of 1 are
also invalid but the server still accepts them in order
to minimize disruption. The restriction will likely be
tightened in the future to disallow ids with a length of
1. (ISC-Bugs #29851, CVE-2012-3571)

- When attempting to convert a DUID from a client id
option into a hardware address, handle unexpected client
ids properly. (ISC-Bugs #29852, CVE-2012-3570)

- A pair of memory leaks were found and fixed. (ISC-Bugs
#30024, CVE-2012-3954)

- Further upstream fixes :

- Moved lease file check to a separate action so it is not
used in restart. It can fail when the daemon rewrites
the lease, which then causes a restart failure.

- Request dhcp6.sntp-servers in /etc/dhclient6.conf and
forward to netconfig for processing.

- Rotate the lease file when running in v6 mode. (ISC-Bugs

- Fixed the code that checks if an address the server is
planning to hand out is in a reserved range. This would
appear as the server being out of addresses in pools
with particular ranges. (ISC-Bugs #26498)

- In the DDNS code handle error conditions more gracefully
and add more logging code. The major change is to handle
unexpected cancel events from the DNS client code.
(ISC-Bugs #26287)

- Tidy up the receive calls and eliminate the need for
found_pkt. (ISC-Bugs #25066)

- Add support for Infiniband over sockets to the server
and relay code.

- Modify the code that determines if an outstanding DDNS
request should be cancelled. This patch results in
cancelling the outstanding request less often. It fixes
the problem caused by a client doing a release where the
TXT and PTR records weren't removed from the DNS.
(ISC-BUGS #27858)

- Remove outdated note in the description of the bootp
keyword about the option not satisfying the requirement
of failover peers for denying dynamic bootp clients.
(ISC-bugs #28574)

- Multiple items to clean up IPv6 address processing. When
processing an IA that we've seen, check to see if the
addresses are usable (not in use by somebody else)
before handing it out. When reading in leases from the
file discard expired addresses. When picking an address
for a client include the IA ID in addition to the client
ID to generally pick different addresses for different
IAs. (ISC-Bugs #23138, #27945, #25586, #27684)

- Remove unnecessary checks in the lease query code and
clean up several compiler issues (some dereferences of
NULL and treating an int as a boolean). (ISC-Bugs

- Fix the NA and PD allocation code to handle the case
where a client provides a preference and the server
doesn't have any addresses or prefixes available.
Previously the server ignored the request; with this
patch it replies with a NoAddrsAvail or NoPrefixAvail
response. By default the code performs according to the
errata of August 2010 for RFC 3315 section 17.2.2; to
enable the previous style see the section on
RFC3315_PRE_ERRATA_2010_08 in includes/site.h.

- Fix up some issues found by static analysis. A potential
memory leak and NULL dereference in omapi. The use of a
boolean test instead of a bitwise test in dst. (ISC-Bugs

In addition, the dhcp-server init script now checks the syntax prior
to restarting the daemon, to avoid stopping the daemon when a start
would fail.
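
The client id length policy from the first security fix above, as an added Python example (not part of the advisory and not ISC's code): it walks a DHCPv4 options field, finds option 61 and rejects zero-length ids while still tolerating length-1 ids. The function names, result labels and sample byte strings are assumptions constructed for this illustration.

```python
# Added example: classify the DHCPv4 client identifier (option 61) by length.
PAD, END, CLIENT_ID = 0, 255, 61


def find_client_id(options: bytes):
    """Walk a DHCPv4 options field (the bytes after the magic cookie).

    Returns the option 61 payload, or None if the option is absent.
    Raises ValueError when an option runs past the end of the buffer.
    """
    i = 0
    while i < len(options):
        code = options[i]
        if code == END:
            break
        if code == PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option %d has no length byte" % code)
        length = options[i + 1]
        data = options[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("option %d is truncated" % code)
        if code == CLIENT_ID:
            return data
        i += 2 + length          # always advances by at least 2 bytes
    return None


def classify_client_id(options: bytes) -> str:
    """Apply the length policy the advisory describes for the fixed server."""
    cid = find_client_id(options)
    if cid is None:
        return "absent"
    if len(cid) == 0:
        return "reject"          # zero length: no longer accepted
    if len(cid) == 1:
        return "accept-invalid"  # invalid per RFC 2132 9.14, still tolerated
    return "accept"


# Constructed sample option fields (option 53 = message type, then option 61).
SAMPLES = {
    "zero": bytes([53, 1, 1, 61, 0, 255]),
    "one": bytes([53, 1, 1, 61, 1, 0x01, 255]),
    "mac": bytes([53, 1, 1, 61, 7, 1, 0x00, 0x16, 0x3E, 0xAA, 0xBB, 0xCC, 255]),
    "none": bytes([0, 53, 1, 1, 255]),
}

if __name__ == "__main__":
    for name, opts in SAMPLES.items():
        print(name, classify_client_id(opts))
```
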

Solution :

Apply SAT patch number 6606.

Risk factor :

Medium / CVSS Base Score : 6.1

Family: SuSE Local Security Checks

Nessus Plugin ID: 64122

CVE ID: CVE-2012-3570
