ISC DHCP and the "GHOST" vulnerability (CVE-2015-0235)

Michael McNally mcnally at
Wed Feb 11 21:02:26 UTC 2015


ISC has received queries from several customers concerning CVE-2015-0235
(also known as "GHOST": a vulnerability affecting the gethostbyname()
library call and closely related calls in the GNU C library, glibc.)

After examining the ISC DHCP code for instances where the vulnerable
library routines are used, our opinion is that the GHOST vulnerability
does not represent a significant security threat to dhcpd and does not
require a special security release of ISC DHCP.

Nevertheless, given that the vulnerability is present in a library call
widely used by many programs on a typical system we strongly recommend
that server operators with an affected version of glibc update their
library with a secured version of glibc if you have not already done so.

Michael McNally
ISC Support

More information about the dhcp-users mailing list