Microsoft Windows Vista DHCP denial of service (DHCP_Broadcast_Assignment)

About this signature or vulnerability

BlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Desktop, Proventia Network MFS, Proventia Server IPS for Microsoft Windows technology, Proventia-G 1.1 and earlier:

This signature triggers when a DHCP server assigns a broadcast address to a client.


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

BlackICE Server Protection: 3.6.cqv, BlackICE PC Protection: 3.6cqv, RealSecure Server Sensor: XPU 28.020, RealSecure Network: XPU 28.020, Proventia Server IPS for Linux technology: 28.020, Proventia Network IPS: XPU 28.020, Proventia Desktop: 2160, Proventia Network MFS: XPU 28.020, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2160, Proventia Server IPS for Microsoft Windows technology: 2.0.252.2160, Proventia-G 1.1 and earlier: XPU 28.020

Systems affected

Microsoft Windows Vista, Microsoft Windows Vista: x64

Type

Denial of Service

Vulnerability description

Microsoft Windows Vista is vulnerable to a denial of service caused by an error in the Duplicate Address Detection logic used by the Dynamic Host Configuration Protocol (DHCP) server. By creating a malicious DHCP server and assigning identical broadcast IP addresses to multiple hosts, a remote attacker could exploit this vulnerability to cause a vulnerable system to stop responding and automatically reboot once the Duplicate Address Detection logic attempts to remove the duplicate broadcast IP from the IP route table.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-004. See References.

References

Microsoft Security Bulletin MS08-004
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx

IBM Internet Security Systems Protection Alert - Feb. 12, 2008
Remote Vista Denial of Service (DHCP Broadcast)
http://www.iss.net/threats/284.html

ISS X-Force
Microsoft Windows Vista DHCP denial of service
http://www.iss.net/security_center/static/40098.php

CVE
CVE-2008-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0084