Opened 3 years ago

Last modified 2 years ago

#3514 new defect

dhcp-ddns server and unauthorized use

Reported by: jreed Owned by:
Priority: medium Milestone: Outstanding Tasks
Component: ddns Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: High
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

I changed the guide warning to:

It is possible for a malicious attacker to send bogus NameChangeRequests to the DHCP-DDNS server. Addresses other than the IPv4 or IPv6 loopback addresses (127.0.0.1 or ::1) should only be used for testing purposes, but note that local users may still communicate with the DHCP-DDNS server. A future version of Kea will implement authentication to guard against such attacks.

This ticket is a reminder to do this.

One idea is to not use network sockets but to use Unix domain sockets and use file system ownership and permissions to restrict access.
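An added example, not part of the ticket or of Kea's code, sketching the Unix domain socket idea above: the listener's socket file is created owner-only inside an owner-only directory, so other local accounts cannot submit requests. The socket path, the 0600 mode and the payload are assumptions made for the illustration.

```python
import os
import socket
import stat
import tempfile

SOCKET_MODE = 0o600  # assumed policy: only the owning account may send requests


def bind_restricted(path, mode=SOCKET_MODE):
    """Bind an AF_UNIX datagram socket that only its owner can write to."""
    try:
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)  # clear a stale socket left by a previous run
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Tighten the umask before bind() so the socket file never exists with
    # looser permissions. umask is process-wide: do this before starting threads.
    old = os.umask(0o777 & ~mode)
    try:
        sock.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, mode)
    return sock


def demo():
    """Bind, send one constructed request as the same user, report the mode."""
    # mkdtemp() creates the directory 0700. Some systems ignore permissions on
    # the socket file itself, so the parent directory is the portable control.
    workdir = tempfile.mkdtemp(prefix="ncr-")
    path = os.path.join(workdir, "ncr.sock")
    server = bind_restricted(path)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        client.sendto(b"constructed-request", path)  # same user: permitted
        data = server.recv(1024)
        st = os.lstat(path)
        return {"mode": stat.S_IMODE(st.st_mode), "owner": st.st_uid, "data": data}
    finally:
        client.close()
        server.close()
        os.unlink(path)
        os.rmdir(workdir)


if __name__ == "__main__":
    print(demo())
```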

Subtickets

Change History (5)

comment:1 Changed 3 years ago by tomek

  • Milestone changed from Kea-proposed to Kea1.0
  • Version set to git

comment:2 Changed 3 years ago by stephen

  • Component changed from Unclassified to ddns

comment:3 Changed 2 years ago by marcin

  • Milestone changed from Kea1.0 to Kea1.1

Deferring from 1.0 as per 1.0 tickets scrub.

comment:4 Changed 2 years ago by tomek

  • Milestone changed from Kea1.1 to DHCP Outstanding Tasks

comment:5 Changed 2 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks

Milestone renamed
