** Changed in: isc-dhcp (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1717476
Title: DHCP Transaction ID (xid) is logged with INFO loglevel Status in isc-dhcp package in Ubuntu: Confirmed Bug description: The patch dhcp-4.2.4-improved-xid.patch (https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1401141) added logging of the Transaction ID (xid) to dhclient: - log_info ("DHCPACK from %s", piaddr (packet -> client_addr)); + log_info ("DHCPACK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); - log_info ("DHCPNAK from %s", piaddr (packet -> client_addr)); + log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); - log_info ("DHCPDISCOVER on %s to %s port %d interval %ld", + log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)", - log_info ("DHCPREQUEST of %s on %s to %s port %d", + log_info ("DHCPREQUEST of %s on %s to %s port %d (xid=0x%x)", - log_info ("DHCPDECLINE on %s to %s port %d", + log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)", - log_info ("DHCPRELEASE on %s to %s port %d", + log_info ("DHCPRELEASE on %s to %s port %d (xid=0x%x)", Under certain circumstances, this can lead to the xid being leaked to remote machines (syslog) or visible to unprivileged users. Having the xid, it is possible to flood a target machine with DHCPACK replies and spoof a upcoming DHCPREQUEST answer (Proof of concept avail on request). I would not say this is a direct security issue, but more of a potential information disclosure and could lead to an issue in combination with other factors (e.g. syslog files of a target machine are accessible to an attacker). Still I don't see why this logging of xid is necessary and would recommend to either: - remove logging of the xid entirely - only log xid in log level DEBUG This issue was confirmed to be in place for the the most recent version of isc-dhcp-client shipped with Ubuntu 17.04. (4.3.5-3ubuntu1). Note: this patch is not included in the Debian package of isc-dhcp- client (https://packages.debian.org/stretch/isc-dhcp-client), therefor this issue does only affect Ubuntu. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1717476/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp