ISC DHCP: dhcpd Denial of Service

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200908-08 / dhcp
Release Date: August 18, 2009
Latest Revision: August 18, 2009: 01
Impact: normal
Exploitable: remote

Package: net-misc/dhcp
Vulnerable versions: < 3.1.2_p1
Unaffected versions: >= 3.1.2_p1
Architecture(s): All supported architectures

Related bugreports: #275231

Synopsis

dhcpd as included in the ISC DHCP implementation does not properly handle special conditions, leading to a Denial of Service.

2.  Impact Information

Background

ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131.

Description

Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured using both "dhcp-client-identifier" and "hardware ethernet".
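
To see whether a server's configuration uses both settings named above, the following added example (not part of the advisory or of ISC DHCP) lists which host declarations in a dhcpd.conf use each one. The sample configuration is constructed, and the script assumes that both settings appearing anywhere among the host declarations is the condition the advisory describes; it does not follow include files.

```python
import re

# Constructed sample dhcpd.conf for illustration; not taken from the advisory.
SAMPLE_CONF = '''
# option dhcp-client-identifier "commented-out";
host printer {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 192.0.2.10;
}
host kiosk {
  option dhcp-client-identifier "kiosk-01";
  fixed-address 192.0.2.11;
}
'''

HOST_RE = re.compile(r'\bhost\s+(\S+)\s*\{')
SETTINGS = {
    "dhcp-client-identifier": re.compile(r'\bdhcp-client-identifier\b'),
    "hardware ethernet": re.compile(r'\bhardware\s+ethernet\b'),
}

def strip_comments(text):
    """Remove '#' comments while keeping '#' inside double-quoted strings."""
    return re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or "", text)

def audit(conf_text):
    """Return (uses, both): host names per setting, and whether both are in use."""
    text = strip_comments(conf_text)
    uses = {name: [] for name in SETTINGS}
    for m in HOST_RE.finditer(text):
        # Walk to the closing brace that matches this host declaration.
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i]
        for name, rx in SETTINGS.items():
            if rx.search(body):
                uses[name].append(m.group(1))
    return uses, all(uses.values())

if __name__ == "__main__":
    uses, both = audit(SAMPLE_CONF)
    for name, hosts in uses.items():
        print(f"{name}: {', '.join(hosts) or 'not used'}")
    print("both settings in use, upgrade net-misc/dhcp" if both else "not both")
```

A positive result only identifies the configuration pattern; the installed version still decides whether the server is affected, per the version table above.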

Impact

A remote attacker might send a specially crafted request to dhcpd, possibly resulting in a Denial of Service (daemon crash).

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All ISC DHCP users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1"

4.  References



Updated August 18, 2009

Summary: This is a Gentoo Linux Security Advisory

Security Team