A remote attacker exploiting this weakness can send a specially crafted packet directly to an Infoblox appliance running the affected DHCP service, causing the Infoblox DHCP service to stop. Infoblox appliances that do not have the DHCP service enabled are not affected.
More information on this weakness can be found here.
Affected NIOS versions
- NIOS 6.2.0
- NIOS 6.1.0~6.1.3
- NIOS 5.0r1~5.1r4-5
- NIOS 4.2r4-0~4.3r8-4
If you are running one of the NIOS versions listed above and the DHCP service is enabled, you must upgrade NIOS to one of the following versions, which resolve CVE-2011-2748 and CVE-2011-2749. If you are not running one of the versions listed above, no upgrade is required.
NIOS 6.2 versions earlier than 6.2.1:
- NIOS 6.2.1 updates all 6.2.X versions
- NIOS 6.1.4 updates all 6.1.X and 6.0.X versions
- NIOS 5.1r4-6 updates all 5.1.X versions; 5.1r5-0 updates all 5.0.X versions
- NIOS 4.3r8-5 updates earlier versions from 4.2r4-X through 4.3r8-4
Users are advised to choose one of the following upgrade paths according to their own situation:
- Customers running NIOS v6.2.0 should upgrade to 6.2.1
- Customers running NIOS 6.0.X and 6.1.X versions earlier than 6.1.4 should upgrade to 6.1.4
- Customers running NIOS 5.0rX and 5.1rX should upgrade to 5.1r4-6
- Customers running NIOS 4.X should upgrade to 4.3r8-5
The English original follows:
On August 10, 2011 the Internet Systems Consortium (ISC) announced vulnerabilities in their DHCP server, CVE-2011-2748 and CVE-2011-2749. Some versions of Infoblox NIOS are vulnerable to both issues. A defect in the affected DHCP server versions allows an attacker to remotely cause the "dhcpd" process to exit using a specially crafted packet.
To exploit the vulnerability a remote attacker could send the specially crafted packet directly to an Infoblox appliance running a vulnerable version of DHCP. Infoblox systems with the DHCP service disabled are not vulnerable to this exploit.
More information on these alerts can be found here.
Affected NIOS versions:
- NIOS 6.2.0
- NIOS 6.1.0 – 6.1.3
- NIOS 6.0.0 – 6.0.7
- NIOS 5.0r1 – 5.1r4-5
- NIOS 4.2r4-0 – 4.3r8-4
For customers running NIOS 6.2 prior to 6.2.1:
- NIOS 6.2.1 updates all previous versions of 6.2.X
- NIOS 6.1.4 updates all previous versions of 6.1.X and 6.0.X
- NIOS 5.1r4-6 or 5.1r5-0 updates all previous versions of 5.1.X and 5.0.X
- NIOS 4.3r8-5 updates all previous versions of NIOS 4.2r4-X – 4.3r8-4
- Customers running NIOS 6.2.0 should upgrade to 6.2.1
- Customers running NIOS 6.0.X and 6.1.X prior to 6.1.4 should upgrade to 6.1.4
- Customers running NIOS 5.0rX and 5.1rX should upgrade to 5.1r4-6
- Customers running NIOS 4.X should upgrade to 4.3r8-5
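For fleet inventory checks, the affected ranges and fixed releases above can be encoded as a version comparison. The following is an added example, not Infoblox code; it assumes NIOS version strings take the forms shown in the advisory ("6.1.3", "5.0r1", "5.1r4-5") and that a missing "-N" build suffix means build 0.

```python
import re
from typing import Optional, Tuple

# NIOS version strings on this advisory look like "6.1.3" or "5.1r4-5".
# Assumption: "5.0r1" is treated as "5.0r1-0" for comparison purposes.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+)|r(\d+)(?:-(\d+))?)$")


def parse_nios(version: str) -> Tuple[int, int, int, int]:
    """Convert a NIOS version string into a 4-tuple that compares correctly."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NIOS version: {version!r}")
    major, minor, patch, release, build = m.groups()
    third = patch if patch is not None else release
    return (int(major), int(minor), int(third), int(build or 0))


# Inclusive affected ranges and the fixed release the advisory names for
# each train (6.0.X is fixed in 6.1.4; 5.0rX in 5.1r4-6; 4.X in 4.3r8-5).
AFFECTED_RANGES = [
    ("6.2.0", "6.2.0", "6.2.1"),
    ("6.1.0", "6.1.3", "6.1.4"),
    ("6.0.0", "6.0.7", "6.1.4"),
    ("5.0r1", "5.1r4-5", "5.1r4-6"),
    ("4.2r4-0", "4.3r8-4", "4.3r8-5"),
]


def required_nios_upgrade(version: str, dhcp_enabled: bool) -> Optional[str]:
    """Return the NIOS release to upgrade to, or None if the appliance is not exposed."""
    if not dhcp_enabled:
        return None  # advisory: DHCP service disabled => not vulnerable
    v = parse_nios(version)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_nios(low) <= v <= parse_nios(high):
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample inventory: (appliance name, NIOS version, DHCP on?)
    for name, ver, dhcp in [("grid-a", "6.1.3", True), ("grid-b", "5.1r4-6", True),
                            ("grid-c", "4.3r8-4", False)]:
        print(name, ver, "->", required_nios_upgrade(ver, dhcp) or "no action")
```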
