Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

5.49. dhcp

Updated dhcp packages that fix three security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.

Security Fixes

CVE-2012-3571
A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time.
CVE-2012-3954
Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests.
Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of CVE-2012-3571, and Glen Eustace of Massey University, New Zealand, as the original reporter of CVE-2012-3954.
Users of DHCP should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all DHCP servers will be restarted automatically.
Updated dhcp packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.
The dhcp package provides software to support the Dynamic Host Configuration Protocol (DHCP) and DHCPv6 protocol. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to obtain their own network configuration information, including an IP address, a subnet mask, and a broadcast address.

Bug Fixes

BZ#656339
Previously, when dhclient was unsuccessful in obtaining or renewing an address, it restored the resolv.conf file from backup even when there were other dhclient processes running. Consequently, network traffic could be unnecessarily interrupted. The bug in dhclient-script has been fixed and dhclient now restores resolv.conf from backup only if there are no other dhclient processes running.
BZ#747017
A bug caused an infinite loop in a dhcpd process when dhcpd tried to parse the slp-service-scope option in dhcpd.conf. As a consequence, dhcpd entered an infinite loop on startup consuming 100% of the CPU cycles. This update improves the code and the problem no longer occurs.
BZ#752116
Previously, the DHCPv4 client did not check whether the address received in a DHCPACK message was already in use. As a consequence, it was possible that after a reboot two clients could have the same, conflicting, IP address. With this update, the bug has been fixed and DHCPv4 client now performs duplicate address detection (DAD) and sends a DHCPDECLINE message if the address received in DHCPACK is already in use, as per RFC 2131.
BZ#756759
When dhclient is invoked with the "-1" command-line option, it should try to get a lease once and on failure exit with status code 2. Previously, when dhclient was invoked with the "-1" command-line option, and then issued a DHCPDECLINE message, it continued in trying to obtain a lease. With this update, the dhclient code has been fixed. As a result, dhclient stops trying to obtain a lease and exits after sending DHCPDECLINE when started with the "-1" option.
BZ#789719
Previously, dhclient kept sending DHCPDISCOVER messages in an infinite loop when started with the "-timeout" option having a value of 3 or less (seconds). With this update, the problem has been fixed and the "-timeout" option works as expected with all values.

Enhancements

BZ#790686
The DHCP server daemon now uses portreserve for reserving ports 647 and 847 to prevent other programs from occupying them.
BZ#798735
All DHCPv6 options defined in RFC5970, except for the Boot File Parameters Option, were implemented. This allows the DHCPv6 server to pass boot file URLs back to IPv6-based netbooting clients (UEFI) based on the system's architecture.
Users are advised to upgrade to these updated dhcp packages, which fix these bugs and add these enhancements.