Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security

Rich Freeman on 26 Sep 2014 09:00:32 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
Date: Fri, 26 Sep 2014 12:00:26 -0400
Cc: Fred Stluka <FredStluka@gmail.com>, Fred Stluka <fred@bristle.com>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=7K/0oe55Pl4/lm2T8lccV7Vz2epj1B6Gz4+kQB9LbxE=; b=UKioc2ZqKZv/VBDqDVaGLiXAUqNaQpl65JZRRRMCMHCEbXC7ponsVLgFldyo4tCPm4 8fTuwkKuFhgE9T27l80WYrYrZ/ychwo3qanw6kzKBOs2xd4M87cDFwYX3nsUCwJR4DFN NmtKff9MvkWIDT0sG0WHdlFHFKk/Rxh5y612F+XozRJLX5DMt85LO+3tIaS01F5srp1Z uWTGJkMSEQYw0n56DI49L+PHa6wdXoXMGF2JR/dLPIsWT73GSZFaGqt92qqfDe+JpZ8c kDupHDeGJpG6yR9owXJhxcWnE7U5qIw1YbBUcjHpZ5PkYwrN/rBgW/g0E7W+JPgQqUQU ufZg==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Fri, Sep 26, 2014 at 11:52 AM, Matt Mossholder <matt@mossholder.com> wrote:
>
> DHCP Clients do choose servers, but only from the set of servers that have
> responded to a DHCP Discover request.
>
> The steps are:
> 1) Client sends out a discover request. (DISCOVER)

Sent to a broadcast address.

> 2) All DHCP servers that receive the request will respond back (OFFER)

Again, sent to a broadcast address.

> 3) The client will choose a server to respond to, and ask for a lease.
> (REQUEST)

Again, sent to a broadcast address.

> 4) The selected server replys back with a lease. (ACK)

Or any other malicious server that wants to spoof the reply from the
selected server could do so, having intercepted all the other traffic
above.

At least, that is how I read the spec.  And of course ANY host on the
network can respond to the initial discover even if they're following
the rest of the spec.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Fred Stluka <fred@bristle.com>

References:
- [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Chris Grabowy <cgrabowy@gmail.com>
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Fred Stluka <fred@bristle.com>
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Fred Stluka <fred@bristle.com>
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Fred Stluka <fred@bristle.com>
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
  - From: Matt Mossholder <matt@mossholder.com>

Prev by Date: Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
Next by Date: Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
Previous by thread: Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
Next by thread: Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
Index(es):
- Date
- Thread