** Changed in: isc-dhcp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1717476
Title:
DHCP Transaction ID (xid) is logged with INFO loglevel
Status in isc-dhcp package in Ubuntu:
Confirmed
Bug description:
The patch dhcp-4.2.4-improved-xid.patch
(https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1401141)
added logging of the Transaction ID (xid) to dhclient:
- log_info ("DHCPACK from %s", piaddr (packet -> client_addr));
+ log_info ("DHCPACK from %s (xid=0x%x)", piaddr (packet ->
client_addr), client -> xid);
- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr));
+ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet ->
client_addr), client -> xid);
- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld",
+ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)",
- log_info ("DHCPREQUEST of %s on %s to %s port %d",
+ log_info ("DHCPREQUEST of %s on %s to %s port %d (xid=0x%x)",
- log_info ("DHCPDECLINE on %s to %s port %d",
+ log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)",
- log_info ("DHCPRELEASE on %s to %s port %d",
+ log_info ("DHCPRELEASE on %s to %s port %d (xid=0x%x)",
Under certain circumstances, this can lead to the xid being leaked to
remote machines (syslog) or visible to unprivileged users.
Having the xid, it is possible to flood a target machine with DHCPACK
replies and spoof a upcoming DHCPREQUEST answer (Proof of concept
avail on request).
I would not say this is a direct security issue, but more of a
potential information disclosure and could lead to an issue in
combination with other factors (e.g. syslog files of a target machine
are accessible to an attacker). Still I don't see why this logging of
xid is necessary and would recommend to either:
- remove logging of the xid entirely
- only log xid in log level DEBUG
This issue was confirmed to be in place for the the most recent
version of isc-dhcp-client shipped with Ubuntu 17.04.
(4.3.5-3ubuntu1).
Note: this patch is not included in the Debian package of isc-dhcp-
client (https://packages.debian.org/stretch/isc-dhcp-client), therefor
this issue does only affect Ubuntu.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1717476/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
