DHCP is a 25 years old network protocol supported by almost every network-capable device in existence. However, even the most popular implementations of this protocol still contain exploitable vulnerabilities such as OOB writes, use-after-frees or command injections.
In this talk, I will discuss the attack surface provided by the protocol, highlight a number of vulnerabilities I discovered while looking at popular DHCP implementations and try to find reasons why writing a safe implementation of such a seemingly simple protocol is such a hard task.
The presentation ends with a deep dive into the exploitation of one of the discovered bugs and a live demo.