dhcpd as included in the ISC DHCP implementation does not properly handle special conditions, leading to a Denial of Service.
Package | net-misc/dhcp on all architectures |
---|---|
Affected versions | < 3.1.2_p1 |
Unaffected versions | >= 3.1.2_p1 |
ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131.
Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using "dhcp-client-identifier" and "hardware ethernet".
A remote attacker might send a specially crafted request to dhcpd, possibly resulting in a Denial of Service (daemon crash).
There is no known workaround at this time.
All ISC DHCP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1"
Release date
August 18, 2009
Latest revision
August 18, 2009: 01
Severity
normal
Exploitable
remote
Bugzilla entries