DHCP Denial of Service Vulnerability Patched

The Internet Systems Consortium (ISC) on Tuesday patched a denial-of-service vulnerability in numerous versions of DHCP.

The flaw affects nearly all IPv4 DHCP clients and relays and most servers, ISC said in its advisory.

“A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally,” ISC said.

DHCP, or the Dynamic Host Configuration Profile, automates the assignment of IP hosts with IP addresses and configuration information. Its used in all Windows clients and most Windows server deployments dating back to Windows 98.

The use of DHCP frees Windows administrators, for example, from manually configuring IP addresses for networked computers.

ISC added that servers, clients and relays built to process only unicast packets are not affected by this vulnerability, the organization cautions that this is an unusual configuration.

“Not all potentially-affected builds will actually be affected, but because it is difficult to identify or predict those which should be upgraded, our advice is that all builds should be considered vulnerable,” ISC said, adding that it is not aware of active exploits against this flaw.

ISC added that there are no workaround available, but there are some measures that can be taken to limit the exposure of DHCP servers.

Admins are advised to upgrade immediately to DHCP version 4.1-ESV-R12-P1 or DHCP version 4.3.3-P1.