Lucene search

K
gentooGentoo FoundationGLSA-200908-08
HistoryAug 18, 2009 - 12:00 a.m.

ISC DHCP: dhcpd Denial of service

2009-08-1800:00:00
Gentoo Foundation
security.gentoo.org
17

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.073 Low

EPSS

Percentile

94.1%

Background

ISC DHCP is the reference implementation of the Dynamic Host Configuration Protocol as specified in RFC 2131.

Description

Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using “dhcp-client-identifier” and “hardware ethernet”.

Impact

A remote attacker might send a specially crafted request to dhcpd, possibly resulting in a Denial of Service (daemon crash).

Workaround

There is no known workaround at this time.

Resolution

All ISC DHCP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/dhcp< 3.1.2_p1UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.073 Low

EPSS

Percentile

94.1%