Hi Sven - I just became aware of this because of your tweet. We (ISC)
investigated this back in September and determined it was not present in
ISC's distribution. Further, we felt it was not a significant security
issue in any case. I haven't found any issue in our bug database with
your name as reporter, however, so if you can tell me the bugID, I will
make sure it is updated and closed. I sincerely apologize if we dropped
the ball on updating you.  If you would like to message me privately, I
would also like to know what alias or ID you pinged so many times,
because I suspect that ended up in a spam filter somewhere - at least I
can't find it in our issue tracker. Thank you.

-- 
https://bugs.launchpad.net/bugs/1717476

Title:
  DHCP Transaction ID (xid) is logged with INFO loglevel

Status in isc-dhcp package in Ubuntu:
  New

Bug description:
  The patch dhcp-4.2.4-improved-xid.patch
  (https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1401141)
  added logging of the Transaction ID (xid) to dhclient:

  -               log_info ("DHCPACK from %s", piaddr (packet -> client_addr));
  +               log_info ("DHCPACK from %s (xid=0x%x)", piaddr (packet -> 
client_addr), client -> xid);
  -       log_info ("DHCPNAK from %s", piaddr (packet -> client_addr));
  +       log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> 
client_addr), client -> xid);
  -       log_info ("DHCPDISCOVER on %s to %s port %d interval %ld",
  +       log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)",
  -       log_info ("DHCPREQUEST of %s on %s to %s port %d", 
  +       log_info ("DHCPREQUEST of %s on %s to %s port %d (xid=0x%x)",
  -       log_info ("DHCPDECLINE on %s to %s port %d",
  +       log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)",
  -       log_info ("DHCPRELEASE on %s to %s port %d",
  +       log_info ("DHCPRELEASE on %s to %s port %d (xid=0x%x)",
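
Review bot: every changed call here (DHCPACK, DHCPNAK, DHCPDISCOVER, DHCPREQUEST, DHCPDECLINE, DHCPRELEASE) adds the transaction ID to a log_info message, so the xid goes wherever INFO-level output goes; leave the original log_info strings as they were and emit the xid in a separate debug-level message instead. For DHCPDISCOVER, DHCPREQUEST, DHCPDECLINE and DHCPRELEASE only the format string is visible, so check that each call also gains the argument matching the new %x. The DHCPACK and DHCPNAK lines print client -> xid rather than a value read from the received packet, which is worth a code comment if it is intentional.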

  Under certain circumstances, this can lead to the xid being leaked to
  remote machines (syslog) or visible to unprivileged users.

  Having the xid, it is possible to flood a target machine with DHCPACK
  replies and spoof an upcoming DHCPREQUEST answer (Proof of concept
  available on request).

  I would not say this is a direct security issue, but more of a
  potential information disclosure and could lead to an issue in
  combination with other factors (e.g. syslog files of a target machine
  are accessible to an attacker). Still I don't see why this logging of
  xid is necessary and would recommend to either:

  - remove logging of the xid entirely
  - only log xid in log level DEBUG

  This issue was confirmed to be in place for the most recent
  version of isc-dhcp-client shipped with Ubuntu 17.04.
  (4.3.5-3ubuntu1).

  Note: this patch is not included in the Debian package of
  isc-dhcp-client (https://packages.debian.org/stretch/isc-dhcp-client),
  therefore this issue only affects Ubuntu.
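
A defensive check for the exposure described in the report, as an added example that is not part of the original report or of isc-dhcp: it finds dhclient log lines carrying the "(xid=0x%x)" suffix from the diff and redacts the value before the lines are forwarded or shared. The function names, the syslog line prefix and all sample values are assumptions constructed for illustration.

```python
import re

# Matches the "(xid=0x...)" suffix the patch appends to dhclient messages;
# the "(xid=0x%x)" format comes from the diff in the bug description.
XID_RE = re.compile(r"\s*\(xid=0x[0-9a-fA-F]{1,8}\)")
# Message types whose log lines the patch changed.
DHCP_MSG_RE = re.compile(
    r"\bDHCP(ACK|NAK|DISCOVER|REQUEST|DECLINE|RELEASE)\b")


def redact_xid(line):
    """Return (clean_line, leaked) for one syslog line (hypothetical helper)."""
    if not DHCP_MSG_RE.search(line):
        return line, False  # not a dhclient message the patch touched
    clean, count = XID_RE.subn(" (xid=REDACTED)", line)
    return clean, count > 0


def audit(lines):
    """Redact all lines and list the DHCP message types that exposed an xid."""
    cleaned, exposed = [], set()
    for line in lines:
        clean, leaked = redact_xid(line)
        cleaned.append(clean)
        if leaked:
            exposed.add(DHCP_MSG_RE.search(line).group(0))
    return cleaned, sorted(exposed)


# Constructed sample input: host names, addresses and xid values are made up.
SAMPLE = [
    "Sep 15 10:00:01 host dhclient[812]: DHCPREQUEST of 192.0.2.10 on eth0 "
    "to 255.255.255.255 port 67 (xid=0x3a1f22c4)",
    "Sep 15 10:00:01 host dhclient[812]: DHCPACK from 192.0.2.1 (xid=0x3a1f22c4)",
    "Sep 15 10:00:02 host dhclient[812]: bound to 192.0.2.10",
    "Sep 15 10:00:05 host sshd[900]: note (xid=0xdead) in an unrelated message",
]

if __name__ == "__main__":
    cleaned, exposed = audit(SAMPLE)
    print("\n".join(cleaned))
    print("message types exposing xid:", exposed)
```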
