DHCP is hard

Presented at Kiwicon 2038AD: The Dystopic Future is Now (2018), Nov. 16, 2018, 4:45 p.m. (30 minutes).

DHCP is a 25 years old network protocol supported by almost every network capable device in existence. However, even the most popular implementations of this protocol still contain exploitable vulnerabilities such as OOB writes, use-after-frees or command injections.

In this talk I'm going to discuss the attack surface provided by the protocol, highlight a number of vulnerabilities I discovered while looking at popular DHCP implementations and try to find reasons why writing a safe implementation of such a seemingly simple protocol is such a hard task. The presentation ends with a deep dive into the exploitation of one of the discovered bugs and a live demo.

Presenters:

• Felix Wilhelm
  Felix Wilhelm is a Security Engineer at Google focusing on cloud and virtualization security. He has discovered vulnerabilities in widely used products ranging from hypervisors and open source network daemons to enterprise software and security appliances. He has presented his research at numerous security conferences including Infiltrate, Syscan, Blackhat, Troopers, HITB and 44Con.

Similar Presentations:

• DEF CON 24 (2016) / Light-Weight Protocol! Serious Equipment! Critical Implications!
• DEF CON 19 (2011) / Fingerbank - Open DHCP Fingerprints Database
• Black Hat USA 2022 / Automatic Protocol Reverse Engineering