[NEWS] @Home Network Subject to DHCP Hijacking
From: support@securiteam.com
Date: 08/29/01
From: support@securiteam.com
To: list@securiteam.com
Subject: [NEWS] @Home Network Subject to DHCP Hijacking
Message-Id: <20010829082749.3F13E138BF@mail.der-keiler.de>
Date: Wed, 29 Aug 2001 10:27:49 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
@Home Network Subject to DHCP Hijacking
------------------------------------------------------------------------
SUMMARY
A security vulnerability in the way @Home handles IP address assignment
(DHCP based) allows attackers to hijack IP addresses of other @Home users
by very simple means.
DETAILS
The @Home network assigns IP addresses on a fairly permanent basis to its
subscribers, but it does use DHCP for IP address assignment. It is a trivial
matter, however, to take over another @Home account's IP address by
providing another customer's ID for the hostname parameter in DHCP. It is
also trivial to acquire this hostname parameter, since all it requires is
'host @HomeIPaddress' to determine what the customer ID is.
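A detection sketch for the condition described above, added here as an example and not part of the original advisory or any @Home tooling: it parses the Host Name option (DHCP option 12) from raw DHCP payloads and flags a hostname that arrives from a different client hardware address than the one first seen with it. The customer IDs, MAC addresses and the first-seen binding policy are assumptions for illustration; the hardware address is itself client-supplied, so this is a monitoring signal rather than authentication.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255  # RFC 2132 option codes

def parse_dhcp(pkt):
    """Return (client MAC, option-12 hostname or None) from a raw DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen = min(pkt[2], 16)  # chaddr is a 16-byte field at offset 28
    mac = ":".join(f"{b:02x}" for b in pkt[28:28 + hlen])
    hostname, i = None, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        if code == OPT_HOSTNAME:
            hostname = pkt[i + 2:i + 2 + length].decode("ascii", "replace").lower()
        i += 2 + length
    return mac, hostname

def find_hostname_conflicts(packets):
    """Flag hostnames presented by a MAC other than the one first seen with them."""
    owner, alerts = {}, []
    for pkt in packets:
        mac, host = parse_dhcp(pkt)
        if host is not None and owner.setdefault(host, mac) != mac:
            alerts.append((host, owner[host], mac))
    return alerts

def build_sample(mac, hostname):
    """Build a constructed DHCPREQUEST payload for the demo (not captured traffic)."""
    header = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(24)  # op, htype, hlen, hops, xid..giaddr
    header += bytes.fromhex(mac.replace(":", "")) + bytes(10) + bytes(192)  # chaddr, sname, file
    options = bytes([53, 1, 3, OPT_HOSTNAME, len(hostname)]) + hostname.encode() + bytes([OPT_END])
    return header + MAGIC + options

# Constructed sample: hypothetical customer IDs and MAC addresses.
SAMPLE = [
    build_sample("00:11:22:33:44:55", "cx000001-a"),
    build_sample("00:11:22:33:44:55", "cx000001-a"),  # renewal by the same client
    build_sample("66:77:88:99:aa:bb", "cx000001-a"),  # same ID, different hardware
]

for alert in find_hostname_conflicts(SAMPLE):
    print("ALERT hostname=%s first_seen=%s now_claimed_by=%s" % alert)
```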
Notification:
@Home has been notified about this problem twice in the last two months;
no response has been received.
ADDITIONAL INFORMATION
The information has been provided by <mailto:randy@viopac.com> Roadkill
Randu.
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.