GLSA Advocate
Posted: Sat Aug 22, 2009 7:26 am Post subject: [ GLSA 200908-08 ] ISC DHCP: dhcpd Denial of Service
Gentoo Linux Security Advisory
Title: ISC DHCP: dhcpd Denial of Service (GLSA 200908-08)
Severity: normal
Exploitable: remote
Date: August 18, 2009
Bug(s): #275231
ID: 200908-08
Synopsis
dhcpd as included in the ISC DHCP implementation does not properly handle
special conditions, leading to a Denial of Service.
Background
ISC DHCP is the reference implementation of the Dynamic Host
Configuration Protocol as specified in RFC 2131.
Affected Packages
Package: net-misc/dhcp
Vulnerable: < 3.1.2_p1
Unaffected: >= 3.1.2_p1
Architectures: All supported architectures
Description
Christoph Biedl discovered that dhcpd does not properly handle certain
DHCP requests when configured using both "dhcp-client-identifier" and
"hardware ethernet".
Impact
A remote attacker might send a specially crafted request to dhcpd,
possibly resulting in a Denial of Service (daemon crash).
Workaround
There is no known workaround at this time.
Resolution
All ISC DHCP users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1"
References
CVE-2009-1892
Last edited by GLSA on Sun Nov 22, 2009 4:29 am; edited 1 time in total
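To find out whether a server that has not been upgraded yet uses the configuration named in the Description, the host declarations in dhcpd.conf can be audited for the two settings. The following is an added example, not part of the advisory or of ISC DHCP; the sample configuration is constructed, the function names are hypothetical, and because the advisory does not say whether both settings must sit in the same host declaration, the check reports per-host usage and whether both occur anywhere.

```python
import re

# Constructed sample dhcpd.conf, not taken from the advisory.
SAMPLE_CONF = '''
# lab network
subnet 192.0.2.0 netmask 255.255.255.0 {
  range 192.0.2.100 192.0.2.200;
}
host printer {
  hardware ethernet 00:11:22:33:44:55;   # MAC-based match
  fixed-address 192.0.2.10;
}
host kiosk {
  option dhcp-client-identifier "kiosk-01";
  fixed-address 192.0.2.11;
}
host laptop {
  hardware ethernet 00:11:22:33:44:66;
  option dhcp-client-identifier "laptop-7";
}
host plain { fixed-address 192.0.2.12; }
'''

# Host declarations are assumed not to contain nested braces.
HOST_RE = re.compile(r'\bhost\s+([^\s{]+)\s*\{([^{}]*)\}')
SETTINGS = {
    "hardware ethernet": re.compile(r'\bhardware\s+ethernet\s+[0-9A-Fa-f:]+\s*;'),
    "dhcp-client-identifier": re.compile(r'\boption\s+dhcp-client-identifier\s+[^;]+;'),
}

def strip_comments(text):
    """Drop '#' comments so commented-out statements are not counted.
    Limitation: a '#' inside a quoted string is also treated as a comment."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit_hosts(conf_text):
    """Map each host declaration name to the set of the two settings it uses."""
    clean = strip_comments(conf_text)
    return {name: {k for k, rx in SETTINGS.items() if rx.search(body)}
            for name, body in HOST_RE.findall(clean)}

def uses_both_settings(conf_text):
    """True when both settings occur somewhere in the host declarations."""
    used = set().union(*audit_hosts(conf_text).values())
    return used == set(SETTINGS)

if __name__ == "__main__":
    for host, found in sorted(audit_hosts(SAMPLE_CONF).items()):
        print(f"{host}: {', '.join(sorted(found)) or 'neither'}")
    print("both settings in use:", uses_both_settings(SAMPLE_CONF))
```

A positive result only means the configuration matches the condition in the Description; the fix remains the upgrade listed under Resolution.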