Home

Remote Vista Denial of Service (DHCP Broadcast)

Notification Type:	IBM Internet Security Systems Protection Alert
Notification Date:	Feb. 12, 2008
Notification Version:	1.0

Name:	Remote Vista Denial of Service (DHCP Broadcast)
Public disclosure/ In the wild date:	Feb. 12, 2008 (vuln disclosure)
Aliases:	MS08-004
CVE:	CVE-2008-0084
Description:	Microsoft Windows Vista is vulnerable to a denial of service caused by an error in the Duplicate Address Detection logic used by the Dynamic Host Configuration Protocol (DHCP) server.

ISS Coverage

Product	Content Version
Network Sensor 7.0 Proventia A Proventia IPS (G/GX) Server Sensor 7.0 Proventia Multifunction Appliance Proventia Server (Linux)	XPU 28.020
Proventia Server (Windows) Proventia Desktop	2160
BlackICE PC Protection 3.6	cqv

Propagation Techniques	ISS Protection	Available
remote exploit	DHCP_Broadcast_Assignment	Feb 13, 2008

Detailed Description

Business Impact:	This denial of service takes down the entire operating system, so it is considered to be more critical than most denial of service issues that simply affect a service. To be successful however, an attacker must set up a malicious DHCP server.
CVSS for XFIDs 38721 and 38722:	Base Score:		7.8
		Access Vector:	Network
		Access Complexity:	Low
		Authentication:	None
		Confidentiality Impact:	None
		Integrity Impact:	None
		Availability Impact:	Complete

	Adjusted Temporal Score:		5.8
		Exploitability:	Unproven
		Remediation Level:	Official-Fix
		Report Confidence:	Confirmed
Affected Products:	For a full list of affected versions, see references below.
Technical Description:	Microsoft Windows Vista is vulnerable to a denial of service caused by an error in the Duplicate Address Detection logic used by the Dynamic Host Configuration Protocol (DHCP) server. By creating a malicious DHCP server and assigning identical broadcast IP addresses to multiple hosts, a remote attacker could exploit this vulnerability to cause a vulnerable system to stop responding and automatically reboot once the Duplicate Address Detection logic attempts to remove the duplicate broadcast IP from the IP route table.
Remediation:	Patches are available for this issue. See References for details.

References

XFDB	http://xforce.iss.net/xforce/xfdb/40098
Microsoft:	http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx

Revision History

1.0	Initial publication.

About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.