blob: be457f7b8851b7892c32a54e9808636b865ec22d [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200908-08">
<title>ISC DHCP: dhcpd Denial of Service</title>
dhcpd as included in the ISC DHCP implementation does not properly handle
special conditions, leading to a Denial of Service.
<product type="ebuild">dhcp</product>
<announced>August 18, 2009</announced>
<revised>August 18, 2009: 01</revised>
<package name="net-misc/dhcp" auto="yes" arch="*">
<unaffected range="ge">3.1.2_p1</unaffected>
<vulnerable range="lt">3.1.2_p1</vulnerable>
ISC DHCP is the reference implementation of the Dynamic Host
Configuration Protocol as specified in RFC 2131.
Christoph Biedl discovered that dhcpd does not properly handle certain
DHCP requests when configured both using "dhcp-client-identifier" and
"hardware ethernet".
<impact type="normal">
A remote attacker might send a specially crafted request to dhcpd,
possibly resulting in a Denial of Service (daemon crash).
There is no known workaround at this time.
All ISC DHCP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-misc/dhcp-3.1.2_p1&quot;</code>
<uri link="">CVE-2009-1892</uri>
<metadata tag="requester" timestamp="Tue, 28 Jul 2009 17:01:31 +0000">
<metadata tag="submitter" timestamp="Tue, 04 Aug 2009 19:40:02 +0000">
<metadata tag="bugReady" timestamp="Wed, 05 Aug 2009 13:32:31 +0000">