[Bug 680298] New: OpenSUSE 11.4 DHCP Server OMAPI bug
https://bugzilla.novell.com/show_bug.cgi?id=680298 https://bugzilla.novell.com/show_bug.cgi?id=680298#c0 Summary: OpenSUSE 11.4 DHCP Server OMAPI bug Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: SuSE Other Status: NEW Severity: Critical Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jrosink@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; nl; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.10 (maverick) Firefox/3.6.15 OpenSUSE 11.4 ships with dhcp-server-4.2.0.P2-6.9.1 which contains some serious issues in the OMAPI stuff. Enabling OMAPI in the dhcpd.conf and connecting to a server with the OMAPI CLI fails, also the dhcpd process goes mad with 100% CPU. This version and bug is making a dhcp failover configuration, especially when things go wrong and the secondary isn't reachable, unusable. It's reported also at the isc mailinglist, and confirmed fixed in version 4.2.1-rc1. https://lists.isc.org/pipermail/dhcp-users/2011-February/012780.html Now 4.2.1 is final upstream could you please upgrade the dhcp-server or backport the OMAPI fix ? http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES Reproducible: Always Steps to Reproduce: 1. Enable OMAPI port and key in dhcpd.conf 2. Connect to OMAPI CLI 3. Connecting to configured OMAPI Server port fails and dhcpd process -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c1
Marius Tomaschewski
It's reported also at the isc mailinglist, and confirmed fixed in version 4.2.1-rc1.
Yes, sure. I'll review it ASAP and we will decide then how to fix it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c4
Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c5
--- Comment #5 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c6
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c7
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c8
Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c9
--- Comment #9 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c10
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c11
--- Comment #11 from Marius Tomaschewski
Security relevant? http://thread.gmane.org/gmane.comp.security.oss.general/4820
To answer the question in this thread: The OMAPI port is disabled by default. It is used to _manage_ the server, e.g. trigger failover in failover setups, changing interal states or also define new in-memory objects (e.g. a lease) or even shut down a server or a failover node. Basically it allows to "modify" the internal server state at runtime. It should be *never* open "for public use", e.g. to some users. Of course, the action causes 100% CPU use, what affects the system and the DHCP service itself, so it is a kind of DoS as any other 100% CPU bug, but I don't think this is a true security issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c12
Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=680298
https://bugzilla.novell.com/show_bug.cgi?id=680298#c13
--- Comment #13 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com