ISC DHCP 4.1.1-P1 is now available

Shawn Routhier sar at
Wed Jun 2 02:17:52 UTC 2010

ISC DHCP 4.1.1-P1 is now available for download.

This is a patch release of ISC DHCP 4.1.1, which contains a pair of
bug fixes including one for a security related bug.  The security
advisory is included below.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

This release, and its OpenPGP-signatures are available now from:

ISC's Release Signing Key can be obtained at:

         Internet Systems Consortium Security Advisory
             DHCP: Fencepost error on zero-length client identifier
                             1 June 2010

Short Description:
A request from a client containing a zero length client id will cause
the server to exit.

CERT: VU#541921
Posting date: June 1, 2010
Program Impacted: DHCP
Versions affected:  4.0.x, 4.1.x, 4.2.x.

Severity:  High
Exploitable:  remotely

The DHCP server will exit upon receipt of a request containing a zero 
length client ID, necessitating a restart.

Workarounds: Some defense against this may be achieved by restricting
packets to servers, but only an upgrade provides a complete solution.

Active exploits: None known at this time.

Upgrade DHCP to one of the following: 4.1.1-P1 or 4.0.2-P1
There are no plans for fixes for affected versions of DHCP previous to
4.1.1 and 4.0.2 of the 4.x branches, and please note that version 3.1.x 
is not affected.
The patch will be included in the next beta release for 4.2.0.

Questions should be addressed to dhcp-bugs at

         Partial release notes for this version.

                         Changes since 4.1.1

- A bug was fixed that could cause the DHCPv6 server to
   advertise/assign a previously allocated (active) lease to a client
   that has changed subnets, despite being on different shared
   networks.  Dynamic prefixes specifically allocated in shared networks
   also now are not offered if the client has moved.  [ISC-Bugs #21152]

! Accept a client id of length 0 while hashing.  Previously the server
   would exit if it attempted to hash a zero length client id, providing
   attackers with a simple denial of service attack.  [ISC-Bugs #21253]

More information about the dhcp-users mailing list