ISC DHCP: dhcpd Denial of Service — GLSA 200908-08

dhcpd as included in the ISC DHCP implementation does not properly handle special conditions, leading to a Denial of Service.

Affected Packages

net-misc/dhcp on all architectures
Affected versions < 3.1.2_p1
Unaffected versions >= 3.1.2_p1

Background

ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131.

Description

Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using "dhcp-client-identifier" and "hardware ethernet".

Impact

A remote attacker might send a specially crafted request to dhcpd, possibly resulting in a Denial of Service (daemon crash).

Workaround

There is no known workaround at this time.

Resolution

All ISC DHCP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1"

References

Release Date
August 18, 2009

Latest Revision
August 18, 2009: 01

Severity
normal

Exploitable
remote

Bugzilla entries