IPS-1 Protection for VMware DHCP Vulnerability (DHCP Version 7)
| Check Point Reference: | CPAI-2007-203 |
| Date Published: | |
| Severity: | |
| Last Updated: | |
| Source: | Secunia Advisory 26890 |
| Industry Reference(s): | CVE-2007-0063 |
| Protection Provided by: | IPS-1 |
Who is Vulnerable?
Vulnerability Description
A vulnerability exists in the EMC VMware DHCP service. The service fails to properly parse UDP payloads and, as a result, can be exploited for arbitrary code execution.
Update/Patch Available
Patched versions of all products are available; update to the latest version of the appropriate VMware product.
Vulnerability Details
The DHCP service provided by the VMware host machine is used to assign IP addresses to hosts on a virtual network. This service contains a vulnerability that is triggered when processing UDP datagrams. If a UDP datagram destined for the DHCP service contains a malformed or incomplete header, an erroneous payload size calculation triggers an integer underflow. This results in an extremely large value for the payload size, which can overrun an internal UDP payload destination buffer. Successful exploitation of this vulnerability can result in arbitrary code execution on the host machine with root (Unix workstations) or SYSTEM (Windows) privileges. Although it is theoretically possible, under certain host routing constraints, to trigger the underflow from outside the virtual host network, code execution in that case is unlikely because of additional data appended to the request.
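
The bug class described above, shown as an added example that is not code from VMware or Check Point: an unchecked payload size calculation next to a checked one. The page does not give the service's actual calculation, so the subtraction of the 8-byte UDP header from the length field is an assumption, and the function names and sample datagrams are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8u            /* fixed UDP header size (RFC 768) */

/* Constructed sample datagrams (ports 68 -> 67, checksum left at zero). */
static const uint8_t GOOD[] = {0x00,0x44, 0x00,0x43, 0x00,0x0c, 0x00,0x00, 1,2,3,4};
static const uint8_t BAD[]  = {0x00,0x44, 0x00,0x43, 0x00,0x04, 0x00,0x00};

/* Read the 16-bit UDP length field (bytes 4-5, network byte order). */
static uint16_t udp_len_field(const uint8_t *d)
{
    return (uint16_t)((d[4] << 8) | d[5]);
}

/* Unchecked pattern (assumed form): a length field below 8 wraps around. */
static uint32_t naive_payload_len(const uint8_t *d)
{
    return (uint32_t)udp_len_field(d) - UDP_HDR_LEN;
}

/* Checked pattern: 0 and *out set on success, -1 on any length anomaly. */
static int checked_payload_len(const uint8_t *d, size_t received,
                               size_t bufsize, size_t *out)
{
    if (d == NULL || out == NULL || received < UDP_HDR_LEN)
        return -1;                      /* incomplete header */
    size_t len = udp_len_field(d);
    if (len < UDP_HDR_LEN || len > received)
        return -1;                      /* would underflow, or overstates data */
    if (len - UDP_HDR_LEN > bufsize)
        return -1;                      /* payload larger than destination */
    *out = len - UDP_HDR_LEN;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("naive(BAD)   = %lu\n", (unsigned long)naive_payload_len(BAD));
    printf("checked(BAD) = %d\n", checked_payload_len(BAD, sizeof BAD, 64, &n));
    if (checked_payload_len(GOOD, sizeof GOOD, 64, &n) == 0)
        printf("checked(GOOD) payload = %lu bytes\n", (unsigned long)n);
    return 0;
}
```

The same three comparisons (header complete, length field at least 8, length field no larger than the bytes received) are the kind of UDP payload anomaly a network sensor can flag without knowing anything about the DHCP service behind it.
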
Protection Overview
The DHCP Protection Group has been augmented to detect these UDP payload anomalies on the network and trigger an alert.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
N/A