Debian Bug report logs -
#712503
dhcpd is listening on random port for all interfaces
Reported by: skirpichev@gmail.com
Date: Sun, 16 Jun 2013 14:45:01 UTC
Severity: important
Tags: security
Found in versions isc-dhcp/4.2.2.dfsg.1-5+deb70u6, isc-dhcp-server/4.3.5-3+deb9u1, isc-dhcp/4.3.1-6+deb8u2, isc-dhcp/4.3.5-3.1
Fixed in version isc-dhcp/4.3.3-2
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Sun, 16 Jun 2013 14:45:05 GMT) (full text, mbox, link).
Acknowledgement sent
to skirpichev@gmail.com:
New Bug report received and forwarded. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>.
(Sun, 16 Jun 2013 14:45:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: isc-dhcp-server
Version: 4.2.2.dfsg.1-5+deb70u6
Severity: important
Tags: security
Actually, there are two issues:
1) dhcpd is listening on random port (UDP) for all interfaces, no
configuration option or CLI switch can fix with this situation.
2) moreover, dhcpd is listening for UDPv6 too, even if you include -4
option for dhcpd:
$ cat /etc/default/isc-dhcp-server | sed '/^$/d;/^#/d'
INTERFACES="br0"
OPTIONS="-4"
$ ps w 15686
PID TTY STAT TIME COMMAND
15686 ? Ss 0:00 /usr/sbin/dhcpd -q -4 -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid br0
$ netstat -tulp
[...]
udp 0 0 *:9922 *:* 15686/dhcpd
udp 0 0 home.test:domain *:* 4832/named
udp 0 0 home.test:bootps *:* 15686/dhcpd
udp6 0 0 [::]:37045 [::]:* 15686/dhcpd
PS: See also http://forums.debian.net/viewtopic.php?f=10&t=95273
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Sun, 06 Sep 2015 04:36:16 GMT) (full text, mbox, link).
Notification sent
to skirpichev@gmail.com:
Bug acknowledged by developer.
(Sun, 06 Sep 2015 04:36:16 GMT) (full text, mbox, link).
Message #10 received at 712503-close@bugs.debian.org (full text, mbox, reply):
Source: isc-dhcp
Source-Version: 4.3.3-2
We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 712503@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated isc-dhcp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 06 Sep 2015 04:21:05 +0000
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-udeb isc-dhcp-relay
Architecture: source
Version: 4.3.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
isc-dhcp-client - DHCP client for automatically obtaining an IP address
isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
isc-dhcp-common - common files used by all of the isc-dhcp packages
isc-dhcp-dbg - ISC DHCP server for automatic IP address assignment (debuging sym
isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
isc-dhcp-relay - ISC DHCP relay daemon
isc-dhcp-server - ISC DHCP server for automatic IP address assignment
isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend
Closes: 570895 677918 704175 712503 792928 793490 794771 795227
Changes:
isc-dhcp (4.3.3-2) unstable; urgency=medium
.
* Use default paths for lease files.
* Move omshell into the server package.
* Avoid unnecessary libirs dependencies.
* Recommend rather than depend isc-dhcp-common.
* Disable NSUPDATE (closes: #712503).
* Update translation (closes: #677918).
* Enable pid file logging (closes: #792928).
* Fix variables in manpages (closes: #570895).
* Use a symlink for the debug script (closes: #794771).
* Enable -user, -group, and -chroot server options (closes: #793490).
* Avoid launching the server when its already running (closes: #704175).
* Fix error when max lease time is used on 64-bit systems (closes: #795227).
Checksums-Sha1:
2a74794ae95cc10a05bd16bf2ef1eaf724530670 3224 isc-dhcp_4.3.3-2.dsc
2984fe734fbe86765a04f943e2053f7f3c7e4e60 80204 isc-dhcp_4.3.3-2.debian.tar.xz
Checksums-Sha256:
4fa8bd7fd0b872061786524e79ef0329c05934683284a192121ac594f7789619 3224 isc-dhcp_4.3.3-2.dsc
753f81dd887c13273869667164d04b2db8cf95c54ba8b857eba5622640e41971 80204 isc-dhcp_4.3.3-2.debian.tar.xz
Files:
76f9bea3fea310be54b6e5c3a4fd7506 3224 net important isc-dhcp_4.3.3-2.dsc
75884fcf2f95073695f532f282f21a85 80204 net important isc-dhcp_4.3.3-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJV68E7AAoJELjWss0C1vRzer4gAJ1PeTgQsRS1DxiG04AkdjgU
o45uo0W7TRCwjqISLCj7i3ZRIzmPEjue6IUtkPPeYmlcKyhAlnomZW1gaf6MsMh0
9x0u3G1z7Y2Gwx6QUbvmCdrfLvT7FRbUgiRysGdUqRlipxLE61a9GKPADbHp5lrr
GT1htjGFVbX3c0Z9y7dTxLzzTLnflcgcQcXhWYsiRAMPphYxtWr63pu+GJ2ioGVe
bkthx37yUle2PLjmcRa88F+BBW/YKPEdzeV9S+bDk6E4xIobp+N+IBgq/zVYLruQ
KMG9KTN+nB7yNT5G3g82WY+PToPxkALeJYQ8aRofCKCz9bBweuB1cwwX80Geo1Ln
M2H/vblX3z7t/HIRviHRFb5PJ7BdWZQErlTDTvFVAnebGwyu29k9Wxx4KroXeb0l
Qu47P5okrJm8IkTpukAdTmU5wXKrFQ7tOCzMyVyi2rVDL+aG5U+fEHSHI/60o2kH
i9a8fDFcYSdBSYeQoiAYy6Hcno01BUK7eq0PmjL89ke0xKyhJ5rhjXr+NiGNVJhv
EIZuuA1RSGZCqyZO5OyP/sXClO/DsLmpXD7cGCYRQdWKx1yqU2uj/wGpbpBGAm84
CLjbVMzDRUKsxMneA01h/w8znxUD3Hd9PN7D1mHoWkEWXn0clxDNPdmi1UZ7X9EM
zTd47zJ66a6b0aK/2j37jRu3SqTVyx9oB5+6tpjm9Yq8IZ8ykHETVjc+1L69sbLh
w9lK2/Mga4FsZF/EjUIFOsdPMBYJQ9fD3LB7DrwhRJ0xv42WuA+m9Jf4R+6NKf4p
4DMB4ER9pFkk8MgrsqZlmW6ZRY4J1Ac+/5cddr3j/JwykvYHV/9/eKf0G4MyePBb
rv19B4j14vU8gEyI4jaVbWZFU0SDTs4nFzH/yYIXeDkcIkVxRbJ9T0voyLrdJ5VW
wF9BtDeh59VjnGOeC34P8C8WFiLOKhUUfYSZLMpfi7sBRTmimVASSpgk9jwu+p2l
0mRIZf9RLo0nmOB7bdWIg4xJw9m/1eOrDKLWQU/cugZfWP0cRcMqKCxB/LRE33Tw
fZ+s9kLSWnKAYlyt3DeFR9Z5By3N1tFihfsniSLmG1rT9sk1rL7thIPkYxRtqGue
oysnXtGDw4cq6fzuqYdjZSwHqWFP7viiHwvzNWOtgVBd1POK4heJovMzlwAZROTl
gGO3GUioHeV81oCfcCwzhB0QNxyFXY7yZ03MauDDxcGd/sxRlduZtzGdyZlbb/4z
ajCV3UVE76PkzkcWEHgIpKaG4O+a6IemgCmeLZCn8cmvGtJvsmSFpggEo/lnLmFe
iaWdSht+QwEFiL+wKHsU0FjHyvBqil2etfAVe+U8A9Gx8Q//xie8wh30UyKdkKM=
=qwxj
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 04 Oct 2015 07:26:43 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Alexey Pikalev <a234@gmx.com>
to control@bugs.debian.org.
(Sun, 24 Jan 2016 04:03:03 GMT) (full text, mbox, link).
Bug reopened
Request was from Alexey Pikalev <a234@gmx.com>
to control@bugs.debian.org.
(Sun, 24 Jan 2016 04:03:04 GMT) (full text, mbox, link).
No longer marked as fixed in versions isc-dhcp/4.3.3-2.
Request was from Alexey Pikalev <a234@gmx.com>
to control@bugs.debian.org.
(Sun, 24 Jan 2016 04:03:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Sun, 24 Jan 2016 04:09:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Alexey Pikalev <a234@gmx.com>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>.
(Sun, 24 Jan 2016 04:09:08 GMT) (full text, mbox, link).
Message #23 received at 712503@bugs.debian.org (full text, mbox, reply):
Package: isc-dhcp-server
Version: 4.3.1-6+deb8u2
Hello. Same in stable?
# netstat -tulp|grep dhcp
udp 0 0 *:bootps *:*
29110/dhcpd
udp 0 0 *:24658 *:*
29110/dhcpd
udp6 0 0 [::]:58601 [::]:*
29110/dhcpd
# cat /etc/default/isc-dhcp-server | sed '/^$/d;/^#/d'
INTERFACES=""
OPTIONS="-4"
Marked as fixed in versions isc-dhcp/4.3.3-2.
Request was from Alexey Pikalev <a234@gmx.com>
to control@bugs.debian.org.
(Sun, 24 Jan 2016 04:21:03 GMT) (full text, mbox, link).
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Sun, 24 Jan 2016 17:42:33 GMT) (full text, mbox, link).
Notification sent
to skirpichev@gmail.com:
Bug acknowledged by developer.
(Sun, 24 Jan 2016 17:42:34 GMT) (full text, mbox, link).
Message #30 received at 712503-close@bugs.debian.org (full text, mbox, reply):
On Sat, Jan 23, 2016 at 11:04 PM, Alexey Pikalev wrote:
> Hello. Same in stable?
Closedness is not based on the packages in stable.
Best wishes,
Mike
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 22 Feb 2016 07:25:57 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Debeselis <debeselis@gmail.com>
to control@bugs.debian.org.
(Sun, 18 Mar 2018 09:39:06 GMT) (full text, mbox, link).
Marked as found in versions isc-dhcp-server/4.3.5-3+deb9u1 and reopened.
Request was from Debeselis <debeselis@gmail.com>
to control@bugs.debian.org.
(Sun, 18 Mar 2018 09:39:07 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Sun, 18 Mar 2018 09:45:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Debeselis <debeselis@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>.
(Sun, 18 Mar 2018 09:45:07 GMT) (full text, mbox, link).
Message #41 received at 712503@bugs.debian.org (full text, mbox, reply):
Hi,
Bug is still there. I do not use ipv6, I have OPTIONS="-4" set, but the netstat output is:
netstat -tupln
udp 0 0 0.0.0.0:42793 0.0.0.0:* 8135/dhcpd
udp6 0 0 :::4547 :::* 8135/dhcpd
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Fri, 23 Mar 2018 10:24:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Rimvydas <rimvydas@rimvydas.info>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>.
(Fri, 23 Mar 2018 10:24:04 GMT) (full text, mbox, link).
Message #46 received at 712503@bugs.debian.org (full text, mbox, reply):
Package: isc-dhcp-server
Version: 4.3.5-3.1
Followup-For: Bug #712503
Dear Maintainer,
-- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Actually, there are two issues:
1) dhcpd is listening on random port (UDP) for all interfaces, no
configuration option or CLI switch can fix with this situation.
2) moreover, dhcpd is listening for UDPv6 too, even if you include -4
option for dhcpd (I have ipv6 disabled via sysctl)
$ cat /etc/default/isc-dhcp-server
INTERFACES="eth2"
OPTIONS="-4"
PID TTY STAT TIME COMMAND
7714 ? Ss 0:00 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth2
$ netstat -tulp
udp 0 0 0.0.0.0:23961 0.0.0.0:* 7714/dhcpd
udp6 0 0 :::64049 :::* 7714/dhcpd
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Thu, 30 Aug 2018 12:00:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Imran K <gururug@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>.
(Thu, 30 Aug 2018 12:00:03 GMT) (full text, mbox, link).
Message #51 received at 712503@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
root@nuc:/# ps aux | grep dhcpd | grep -v grep
root 3223 0.0 0.0 22764 9780 ? Ss Aug29 0:01
/usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eno1
root@nuc:/# lsof -i -nP | grep dhcpd
dhcpd 3223 root 7u IPv4 1903742 0t0 UDP *:67
dhcpd 3223 root 20u IPv4 1903736 0t0 UDP *:21258
dhcpd 3223 root 21u IPv6 1903737 0t0 UDP *:9127
root@nuc:/# cat /etc/default/isc-dhcp-server | grep = | grep -v pid
DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
OPTIONS="-4"
INTERFACESv4="eno1"
#INTERFACESv6=""
FYI: /etc/dhcp/dhcpd.conf
+local-address 10.32.1.23;
goes 1/3 of the to workaround......
[Message part 2 (text/html, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Mon, 23 Dec 2019 23:09:11 GMT) (full text, mbox, link).
Acknowledgement sent
to karlnorma <karlnorma@xtronics.com>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>.
(Mon, 23 Dec 2019 23:09:12 GMT) (full text, mbox, link).
Message #56 received at 712503@bugs.debian.org (full text, mbox, reply):
From https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpd#PORTS
( with TCP and imcp port bits cut out:)
Normally a DHCPv4 server will open a raw UDP socket to receive and send most DHCPv4 packets. It also
opens a fallback UDP socket for use in sending unicast packets. Normally these will both use the
well known port number for BOOTPS.
...
For DHCPv6 the server opens a UDP socket on the well known dhcpv6-server port.
...
When DDNS is enabled at compile time (see includes/site.h) the server will open both a v4 and a v6
UDP socket on random ports, unless DDNS updates are globally disabled by setting ddns-update-style
to none in the configuration file.
,.,.
Not best practice to listen on ports when not used .. should be part of the config -- but an
upstream issue.
--------------------------------------------------------------------------------
Karl Schmidt EMail karl@lrak.net
3209 West 9th Street Ph (785) 979-8397
Lawrence, KS 66049
Life is so short, precious, and delicate. All we have is a bit of time.
Best not to waste it. -kps
Carpe diem -- Horace - from 'Carpe diem quam minimum credula postero'
--------------------------------------------------------------------------------
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Sat, 02 May 2020 23:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to pamelarender45@gmail.com:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>.
(Sat, 02 May 2020 23:18:04 GMT) (full text, mbox, link).
Message #61 received at 712503@bugs.debian.org (full text, mbox, reply):
Greetings From Miss Pamela Render Please I Need Your Urgent Reply!
I'm Pamela Render, from USA. I am a highly motivated and willing to learn, I'm also hard working lady, very relaible. I really want to establish mutual friendship with you, I will introduce myself better as soon as i receive your email response.
Kind regards
Miss Pamela Render
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>:
Bug#712503; Package isc-dhcp-server.
(Tue, 23 Mar 2021 20:57:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Busra Yaldiz <yaldiz96@icloud.com>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>.
Your message did not contain a Subject field. They are recommended and
useful because the title of a Bug is determined using this field.
Please remember to include a Subject field in your messages in future.
(Tue, 23 Mar 2021 20:57:12 GMT) (full text, mbox, link).
Message #66 received at 712503@bugs.debian.org (full text, mbox, reply):
Sent from my iPhone
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Mar 9 06:42:21 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.