
Cert Vulnerability Advisory (CVE-2011-4539)

On December 7, 2011, ISC (Internet Systems Consortium) announced a vulnerability in its DHCP server (CVE-2011-4539). A remote attacker can send specially crafted DHCP request packets to the DHCP server and cause it to fail while evaluating "~=" and "~~" operations, disrupting the DHCP service.

Because Infoblox products validate data entered through the GUI, configurations made through the GUI are not affected by this issue; configurations written in Expert Mode are not covered by that validation. Customers who use DHCP Expert Mode should contact technical support.

More information on CVE-2011-4539 is available here.


The English original follows:

On December 7, 2011 the Internet Systems Consortium (ISC) announced a vulnerability in their DHCP server, CVE-2011-4539. A remote attacker who is able to send DHCP Request packets to the DHCP server can cause the server to segfault when it is configured with expressions that use the "~=" and "~~" comparison operators.

Because the Infoblox product provides GUI input validation for advanced DHCP expression creation, Infoblox users in the common deployment scenario are not vulnerable to this issue. There are very uncommon scenarios in which the operators can be written to the DHCP configuration file. This only applies to customers who are running DHCP Expert Mode and have created expressions that use the "~=" and "~~" operators. It is important to note that DHCP Expert Mode requires explicit configuration and is not enabled by default. It is unlikely that a typical customer is running DHCP Expert Mode and has used these operators.
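The practical question for an administrator reading either version of this notice is whether the DHCP configuration actually contains a "~=" or "~~" expression. The following POSIX shell script is an added example written for this page, not code from Infoblox or ISC: it scans an ISC dhcpd.conf-style file for those two regular-expression match operators, ignores the plain "=" comparison (which is not affected), and strips comments first so that a "~~" mentioned in a comment is not reported. It assumes the Expert Mode expressions have been exported or copied into a file in dhcpd.conf syntax; the class names, vendor strings and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original advisory or from Infoblox/ISC):
# scan an ISC dhcpd.conf-style file for the "~=" (case-sensitive) and "~~"
# (case-insensitive) regular-expression match operators that CVE-2011-4539
# concerns. Plain "=" comparisons are not affected and are not reported.
# Comments are stripped before matching so a "~~" inside a comment does not
# count as an exposed expression.

# Write a constructed sample config (hypothetical class names and vendor
# strings) to the path given as $1.
write_sample_conf() {
  cat > "$1" <<'EOF'
# Constructed sample dhcpd.conf; the "~~" in this comment must not count.
class "voip-phones" {
  match if option vendor-class-identifier ~~ "^cisco";
}
class "lab-hosts" {
  match if option host-name ~= "^lab-[0-9]+$";
}
class "printers" {
  match if substring(hardware, 1, 3) = 00:11:22;
}
subnet 192.0.2.0 netmask 255.255.255.0 {
  range 192.0.2.100 192.0.2.200;
}
EOF
}

# Print line-numbered lines of $1 that use "~=" or "~~" (comments removed).
# sed keeps every line, so the numbers still refer to the original file.
list_regex_operators() {
  sed 's/#.*//' "$1" | grep -nE '~[=~]' || true
}

# Print the number of such lines; "0" means no affected operator is present.
count_regex_operators() {
  n=$(sed 's/#.*//' "$1" | grep -cE '~[=~]') || true
  printf '%s\n' "${n:-0}"
}

# Stand-alone usage: ./check.sh --check /path/to/dhcpd.conf
# Exits non-zero and lists the offending lines when exposed expressions exist.
if [ "${1:-}" = "--check" ]; then
  conf="${2:-/etc/dhcp/dhcpd.conf}"
  if [ "$(count_regex_operators "$conf")" != "0" ]; then
    echo "Expressions using ~= or ~~ found in $conf:" >&2
    list_regex_operators "$conf" >&2
    exit 1
  fi
  echo "No ~= / ~~ expressions in $conf"
fi
```

On the sample above the scanner reports two lines (the "~~" and "~=" matches) and ignores the "printers" class, whose "=" comparison is not one of the affected operators. The comment stripping is deliberately simple: a "#" inside a quoted regular expression would also be removed, so a hit is still worth confirming by eye before deciding an expression has to be rewritten or the server patched.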