ISC DHCP 4.2.0-P1 is now available!
Larissa Shapiro
larissas at isc.org
Tue Nov 2 23:31:31 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ISC DHCP 4.2.0-P1 is now available for download.

This is a security patch release of ISC DHCP 4.2.0. The security
advisory is included below.

A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

    http://www.isc.org/software/dhcp

This release and its OpenPGP signatures are available now from:

    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0-P1.tar.gz
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0-P1.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0-P1.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/dhcp-4.2.0-P1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

    http://www.isc.org/about/openpgp/

Changes since 4.2.0

! Handle a relay forward message with an unspecified address in the
  link address field. Previously such a message would cause the
  server to crash. Thanks to a report from John Gibbons. [ISC-Bugs
  #21992] CERT: VU#102047 CVE: CVE-2010-3611

Internet Systems Consortium Security Advisory

DHCP: Server Crash with Empty Link-Address Field
2 Nov 2010

CVE-2010-3611
VU# 102047

Posting date: November 2, 2010

Program Impacted: DHCP

Versions affected: 4.0 through 4.2

Severity: High

Exploitable: remotely

CVSS: 4.2 (for more on CVSS scores and to calculate your environment's
specific risk, please visit: http://nvd.nist.gov/cvss.cfm?calculator)

Description: If the server receives a DHCPv6 packet containing one or
more Relay-Forward messages, and none of them supply an address in the
Relay-Forward link-address field, then the server will crash. This
can be used as a single packet crash attack vector.

Impact and Risk Assessment: This can be used as a single packet crash
attack vector if the server was explicitly configured to serve DHCPv6.

Workarounds: None.

Active exploits: None known.

Solution: Upgrade DHCP to 4.0.3, 4.1.2, or 4.2.0-P1

Acknowledgment: John Gibbins, for finding the issue and testing the patch.

Revision History:
    Added acknowledgment to John Gibbins
    Changed date to Nov 2nd

For more information please contact dhcp-bugs at isc.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
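
Added example, not part of the ISC announcement and not ISC DHCP code: a Python check for capture analysis or regression testing that walks nested DHCPv6 Relay-Forward layers (RFC 3315 layout) and reports the condition in the advisory's Description, where no layer supplies a link-address. The function names, the `fe80::1` peer address and the `2001:db8::` sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

RELAY_FORW = 12     # DHCPv6 message type Relay-Forward (RFC 3315)
OPT_RELAY_MSG = 9   # Relay Message option carrying the encapsulated message
RELAY_HDR_LEN = 34  # msg-type(1) + hop-count(1) + link-address(16) + peer-address(16)


def relay_link_addresses(packet: bytes) -> list:
    """Return the link-address of each nested Relay-Forward layer, outermost first."""
    links = []
    while packet and packet[0] == RELAY_FORW:
        if len(packet) < RELAY_HDR_LEN:
            raise ValueError("truncated Relay-Forward header")
        links.append(ipaddress.IPv6Address(packet[2:18]))
        inner, off = None, RELAY_HDR_LEN
        while off + 4 <= len(packet):          # walk the option TLVs
            code, length = struct.unpack_from("!HH", packet, off)
            off += 4
            if off + length > len(packet):
                raise ValueError("option overruns packet")
            if code == OPT_RELAY_MSG:
                inner = packet[off:off + length]
            off += length
        if inner is None:                      # no encapsulated message: stop
            break
        packet = inner                         # strictly shorter, so the loop ends
    return links


def no_relay_supplies_link_address(packet: bytes) -> bool:
    """True when the packet is relayed and every layer's link-address is '::'."""
    links = relay_link_addresses(packet)
    return bool(links) and all(a.is_unspecified for a in links)


def build_relay_forward(link: str, inner: bytes, hops: int = 0) -> bytes:
    """Constructed sample input: wrap `inner` in one Relay-Forward layer."""
    hdr = bytes([RELAY_FORW, hops]) + ipaddress.IPv6Address(link).packed
    hdr += ipaddress.IPv6Address("fe80::1").packed   # assumed peer-address
    return hdr + struct.pack("!HH", OPT_RELAY_MSG, len(inner)) + inner


if __name__ == "__main__":
    solicit = bytes([1, 0xAA, 0xBB, 0xCC])   # constructed Solicit, no options
    relayed = build_relay_forward("2001:db8::1", solicit)
    print(relay_link_addresses(relayed), no_relay_supplies_link_address(relayed))
```

A relayed packet for which `no_relay_supplies_link_address` returns True is the input class the 4.2.0-P1 change entry says the server must now handle.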