Tag Archive for dhcp

Vulnerability in DHCP client lets hackers take control of network

A critical remote code execution vulnerability that resides in the DHCP client allows attackers to take control of the system by sending malicious DHCP reply packets.

A Dynamic Host Configuration Protocol (DHCP) client allows a device to act as a host that requests configuration parameters, such as an IP address, from a DHCP server. The DHCP client can be configured on Ethernet interfaces.

For a client to join the network, the packets must carry all the TCP/IP configuration information during DHCP Offer and DHCP Ack.

DHCP works on a client-server model. It is responsible for dynamically allocating an IP address when the user connects to the internet, and the DHCP server is responsible for distributing IP addresses to DHCP clients.

This vulnerability allows remote code execution on a system whose vulnerable DHCP client tries to connect to a rogue DHCP server.

Vulnerability Details

The remote code execution vulnerability resides in a function of dhcpcore.dll called "DecodeDomainSearchListData", which is responsible for decoding the encoded search list option field value.

During the decoding process, the function calculates the length of the decoded domain name list, allocates memory for it, and copies the decoded list.

According to McAfee research, a malicious user can create an encoded search list such that, when the DecodeDomainSearchListData function decodes it, the resulting length is zero. This leads to a HeapAlloc call with a size of zero, resulting in an out-of-bounds write.

The vulnerability has been patched and is tracked as CVE-2019-0547. The patch includes a check that ensures the size argument to HeapAlloc is not zero; if it is zero, the function exits.
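
The patched pattern described above, as an added C sketch that is not Microsoft's dhcpcore.dll code: a two-pass decoder for the domain search list option (RFC 3397) that computes the decoded length first and exits when it is zero, before any allocation or copy. The function names, the comma-separated output format and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Walk an RFC 3397 search list; with out == NULL only measure. Returns decoded
 * byte count, or -1 if malformed. Compression pointers rejected (simplification). */
static long walk_list(const uint8_t *opt, size_t len, char *out)
{
    size_t i = 0;
    long n = 0;
    int name_start = 1;
    while (i < len) {
        uint8_t lab = opt[i++];
        if (lab == 0) { name_start = 1; continue; }    /* zero byte ends one name */
        if ((lab & 0xC0) || lab > len - i) return -1;  /* pointer or truncated label */
        if (n > 0) {                      /* ',' between names, '.' between labels */
            if (out) out[n] = name_start ? ',' : '.';
            n++;
        }
        if (out) memcpy(out + n, opt + i, lab);
        n += lab; i += lab; name_start = 0;
    }
    return name_start ? n : -1;           /* last name must be terminated */
}

/* Hypothetical hardened decoder: NULL if malformed or if nothing decodes. */
char *decode_search_list(const uint8_t *opt, size_t len)
{
    long n = walk_list(opt, len, NULL);   /* pass 1: compute decoded length */
    if (n <= 0) return NULL;              /* zero length: exit before allocating */
    char *out = malloc((size_t)n + 1);
    if (out) { walk_list(opt, len, out); out[n] = '\0'; }  /* pass 2: copy */
    return out;
}

/* Constructed sample options (not captured traffic). */
static const uint8_t GOOD[]  = {3,'e','n','g',2,'e','x',0, 3,'l','a','b',0};
static const uint8_t EMPTY[] = {0, 0};    /* root labels only: decodes to nothing */
static const uint8_t TRUNC[] = {9,'s','h','o','r','t'};

int main(void)
{
    char *s = decode_search_list(GOOD, sizeof GOOD);
    printf("%s | empty rejected=%d truncated rejected=%d\n", s ? s : "(rejected)",
           !decode_search_list(EMPTY, sizeof EMPTY), !decode_search_list(TRUNC, sizeof TRUNC));
    free(s);
    return 0;
}
```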


A Command Injection Critical Vulnerability Discovered In DHCP

The Dynamic Host Configuration Protocol (DHCP) client included in Red Hat Enterprise Linux was recently found to have a command injection vulnerability, which can allow a malicious actor capable of setting up a DHCP server, or otherwise capable of spoofing DHCP responses on a local network, to execute commands with root privileges.

The vulnerability, designated CVE-2018-1111 by Red Hat, was found by Google engineer Felix Wilhelm, who noted that the proof-of-concept exploit code is small enough to fit in a tweet. Red Hat considers it a "critical vulnerability", as noted in the bug report, indicating that it can be easily exploited by a remote unauthenticated attacker.

DHCP is used to assign an IP address, DNS servers, and other network configuration attributes to devices on a network. DHCP is used in both wired and wireless networks. Given that the requirement for using this exploit is basically being on the same network, this vulnerability is of particular concern on systems likely to be connected to untrusted open Wi-Fi networks, which will probably affect Fedora users on laptops.

Ultimately, any non-isolated network that allows devices to join without explicit administrator approval, which is arguably the purpose of enabling DHCP in the first place, is at risk.

This bug affects RHEL 6.x and 7.x, as well as CentOS 6.x and 7.x, and Fedora 26, 27, 28, and Rawhide. Other operating systems based on Fedora/RHEL are likely to be affected, including HPE's ClearOS and Oracle Linux, as well as the recently discontinued Korora Linux. Since the issue relates to a NetworkManager integration script, it is unlikely to affect Linux distributions that are not related to Fedora or RHEL.

DHCP server configuration in CentOS


Install DHCP Server

Normally it is installed as part of your OS; if not, you can install it via YUM

#  yum -y install dhcp

Copy the sample conf file to the /etc folder

# cp -f /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcpd.conf

Open the conf file

# vim  /etc/dhcpd.conf

My conf file looks like this

root@ajay:~# cat /etc/dhcpd.conf
default-lease-time 21600;
max-lease-time 43200;
# Dynamic DNS Options
# At least for this version, we won’t be including dynamic DNS updates.
ddns-update-style interim;
#ignore client-updates;
# algorithm HMAC-MD5.SIG-ALG.REG.INT;
# secret QXJjaGl0ZWN0IHZzIE9yYWNsZQo=;
#zone __CLIENT__.private. {
# primary;
#zone 0.168.192.in-addr.arpa. {
# primary;
# Subnets
# Main connection (internal network).
subnet netmask {
# We retain the range–19 for static addresses,
# such as printers, and–49 for PPTP clients.
range dynamic-bootp;
option subnet-mask;
option broadcast-address;
option routers;
option domain-name "Ajay.private";
option domain-name-servers;
#host abc {
# hardware ethernet 12:34:56:78:AB:CD;
# fixed-address;

After that enable dhcpd in all run levels

# chkconfig dhcpd on

# /etc/init.d/dhcpd start

Voilà! Check your client machine to see if it gets a DHCP address.