The Internet Software Consortium (ISC) has warned of several buffer overflows in its reference implementation of the DHCP (define) protocol that could allows hackers to execute malicious code on vulnerable systems.

The Dynamic Host Configuration Protocol (DHCP) provides a framework for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In addition to supplying hosts with network configuration data, the ISC's implementation allows the DHCP server to dynamically update a DNS server, eliminating the need for manual updates to the name server configuration. The ISC's DHCP is the de facto standard for all UNIX and UNIX-like systems, including Linux and BSD.

An advisory from the CERT Coordination Center Thursday said the security holes were detected during an internal source code audit by the ISC, a non-profit group that develops production quality Open Source reference implementations of core Internet protocols.

During that audit, ISC developers found bugs in the error handling routines of the minires library, which is used by NSUPDATE to resolve hostnames. "These vulnerabilities are stack-based buffer overflows that may be exploitable by sending a DHCP message containing a large hostname value," CERT/CC warned.

Although the minires library is derived from the BIND 8 resolver library, these vulnerabilities do not affect any current versions of BIND, the Center added.

The Consortium has released fixes in versions 3.0pl2 and 3.0.1RC11 of its DHCP implementation (Download locations here). In the interim, CERT/CC has urged IT administrators to disable the NSUPDATE feature on affected DHCP servers, blocking external access to DHCP server ports or disabling DHCP altogether.

According to the alert, Red Hat distributes a vulnerable version of ISC DHCP in Red Hat Linux 8.0. Red Hat said new DHCP packages are available and urged users of its network to update their systems (See Red Hat advisory).