Microsoft Windows Vista DHCP denial of service (DHCP_Broadcast_Assignment)

About this signature or vulnerability

Proventia Network IPS, Proventia Desktop, BlackICE PC Protection, BlackICE Server Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature triggers when a DHCP server assigns a broadcast address to a client.


Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

Proventia Network IPS: XPU 28.020, Proventia Desktop: 2160, BlackICE PC Protection: 3.6cqv, BlackICE Server Protection: 3.6.cqv, RealSecure Network: XPU 28.020, RealSecure Server Sensor: XPU 28.020, Proventia Network MFS: XPU 28.020, Proventia-G 1.1 and earlier: XPU 28.020, Proventia Network IDS: XPU 28.020, IBM Security Server Protection for Windows: 2.0.252.2160, IBM Security Server Protection for Windows: 1.0.914.2160, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 28.020, Virtual Server Protection for Vmware: 1.0

Systems affected

Microsoft Windows Vista, Microsoft Windows Vista: x64

Type

Denial of Service

Vulnerability description

Microsoft Windows Vista is vulnerable to a denial of service caused by an error in the Duplicate Address Detection logic used by the Dynamic Host Configuration Protocol (DHCP) server. By creating a malicious DHCP server and assigning identical broadcast IP addresses to multiple hosts, a remote attacker could exploit this vulnerability to cause a vulnerable system to stop responding and automatically reboot once the Duplicate Address Detection logic attempts to remove the duplicate broadcast IP from the IP route table.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-004. See References.

References

Microsoft Security Bulletin MS08-004
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx

IBM Internet Security Systems Protection Alert - Feb. 12, 2008
Remote Vista Denial of Service (DHCP Broadcast)
http://www.iss.net/threats/284.html

ISS X-Force
Microsoft Windows Vista DHCP denial of service
http://www.iss.net/security_center/static/40098.php

CVE
CVE-2008-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0084