Allele Security Alert
ASA-2019-00576
Identifier(s)
ASA-2019-00576, CVE-2019-6474
Title
An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart
Vendor(s)
Internet Systems Consortium (ISC)
Product(s)
ISC Kea DHCP
Affected version(s)
ISC Kea DHCP version 1.4.0
ISC Kea DHCP version 1.5.0
ISC Kea DHCP version 1.6.0-beta1 and 1.6.0-beta2
Fixed version(s)
ISC Kea DHCP version 1.4.0-P2
ISC Kea DHCP version 1.5.0-P1
ISC Kea DHCP version 1.6.0
Proof of concept
Unknown
Description
A missing check on incoming client requests can be exploited to cause a situation where the Kea server’s lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. An attacker can exploit the missing check to deliberately create a situation where the server will not restart properly should it stop for any reason.
Technical details
Unknown
Credits
Unknown
Reference(s)
CVE-2019-6474: An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart
https://kb.isc.org/docs/cve-2019-6474
CVE-2019-6474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6474
CVE-2019-6474
https://nvd.nist.gov/vuln/detail/CVE-2019-6474
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 21, 2019