DHCP Client Remote Code Execution Vulnerability Demystified

CVE-2019-0547


CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library dhcpcore.dll, which implements the DHCP client service on the system, mishandles malicious DHCP reply packets.


This vulnerability allows remote code execution if a user connects to a network served by a rogue DHCP server, which is why it is rated critical.


DHCP protocol overview


DHCP is a client-server protocol used to dynamically assign an IP address when a computer connects to a network. A DHCP server listens on UDP port 67 and is responsible for distributing IP addresses to DHCP clients and handing out the TCP/IP configuration to endpoints.


The DHCP handshake is represented below:



The DHCP Offer and DHCP Ack packets carry all the TCP/IP configuration information required for a client to join the network. The structure of a DHCP Ack packet is shown below:



The Options field holds several parameters required for basic DHCP operation. One of these options is Domain Search (option type 119).


Domain Search Option field (RFC 3397)


This option is sent to the client in OFFER and ACK packets to specify the domain search list used when resolving hostnames via DNS. The format of the option field is as follows:



To allow the search list to be encoded compactly, the search strings in the list are concatenated and encoded in the DNS label format of RFC 1035, including name compression: a suffix that already appears earlier in the option data is replaced by a two-byte pointer to it, which is what makes the encoding compact.


A list of domain names such as www.example.com and dns.example.com is encoded thus:
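To make the compact encoding concrete, here is an added Python example (not code from the article, and unrelated to how dhcpcore.dll parses the option) that encodes the two names above with RFC 3397 label compression, and decodes option data with the bounds and pointer checks a client parser needs before trusting a DHCP reply; the sample bytes are constructed for this example.

```python
# Added example, not code from the original article: an encoder and a
# bounds-checked decoder for the DHCP Domain Search option (119, RFC 3397).
# Names are DNS labels (length byte + text); a suffix already present earlier
# in the option is replaced by a 2-byte compression pointer 0xC0|offset.
OPTION_119_SAMPLE = bytes.fromhex(   # constructed: www.example.com, dns.example.com
    "03777777" "076578616d706c65" "03636f6d" "00" "03646e73" "c004")

def encode_search_list(names):
    out, seen = bytearray(), {}      # seen: label suffix -> offset of first copy
    for name in names:
        labels = [l for l in name.rstrip(".").split(".") if l]
        for i, label in enumerate(labels):
            suffix = tuple(labels[i:])
            if suffix in seen:       # reuse: emit pointer, no terminating zero
                out += bytes([0xC0 | (seen[suffix] >> 8), seen[suffix] & 0xFF])
                break
            seen[suffix] = len(out)
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63: raise ValueError("bad label length")
            out += bytes([len(raw)]) + raw
        else:
            out.append(0)            # root label terminates a fully written name
    return bytes(out)

def decode_search_list(data):
    # Returns the list of names; raises ValueError for any malformed input.
    names, pos = [], 0
    while pos < len(data):
        labels, cur, jumped, hops = [], pos, False, 0
        while True:
            if cur >= len(data): raise ValueError("option truncated")
            length = data[cur]
            if length == 0:
                cur += 1
                break
            if length & 0xC0 == 0xC0:                # compression pointer
                if cur + 1 >= len(data): raise ValueError("pointer truncated")
                target, hops = ((length & 0x3F) << 8) | data[cur + 1], hops + 1
                if target >= cur or hops > 64: raise ValueError("bad pointer")
                if not jumped: pos, jumped = cur + 2, True   # next name follows
                cur = target
                continue
            if length & 0xC0 or cur + 1 + length > len(data):
                raise ValueError("bad label")
            labels.append(data[cur + 1:cur + 1 + length].decode("ascii"))
            cur += 1 + length
        if not jumped:
            pos = cur
        names.append(".".join(labels))
    return names
```

The decoder rejects labels that run past the end of the option, pointers that point forward or truncate the data, and pointer loops, which are exactly the conditions a parser of untrusted option 119 data has to handle.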



Vulnerability


There is a vulnerability in t ..
