ISC DHCP 4.1-ESV and 4.1.2-P1 are now available for download

Larissa Shapiro larissas at isc.org
Wed Jan 26 20:33:26 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ISC DHCP 4.1-ESV and 4.1.2-P1 are  now available for download.

These are security patch releases of ISC DHCP 4.1.2 and 4.1-ESV. The
security advisory is included below.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

    http://www.isc.org/software/dhcp

This release, and its OpenPGP-signatures are available now from:

ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.sha1.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.sha512.asc

ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.sha1.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.sha512.asc

ISC's Release Signing Key can be obtained at:

    http://www.isc.org/about/openpgp/


		Changes since 4.1.2 and 4.1-ESV


! When processing a request in the DHCPv6 server code that specifies
  an address that is tagged as abandoned (meaning we received a
  decline request for it previously) don't attempt to move it from
  the inactive to active pool as doing so can result in the server
  crshing on an assert failure.  Also retag the lease as active
  and reset it's timeout value.
  [ISC-Bugs #21921]

	Internet Systems Consortium Security Advisory
    DHCP May Crash After Processing a DHCPv6 Decline Message
			26 January 2011

Title: DHCP May Crash After Processing a DHCPv6 Decline Message

CVE#: 2011-0413

VU#: 686084

CVSS: 6.1
Vector Equation: (AV:A/AC:L/Au:N/C:N/I:N/A:C)

For more information on CVSS scores, visit
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

Posting date: 2011-01-26

Program Impacted: DHCP

Versions affected: 4.0.x-4.2.x

Severity: moderate

Exploitable: remotely

Description and Impact:

When the DHCPv6 server code processes a message for an address that was
previously declined and internally tagged as abandoned it can trigger an
assert failure resulting in the server crashing. This could be used to
crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
DHCPv4 servers are unaffected.

Workarounds: No direct workaround.

Exposure to the vulnerability can be limited by a review of the filters
and access to the DHCP server. It is highly recommended to limit access
to those devices which require DHCP server, management access, and
systems monitoring.

Active exploits: None known.

Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1.

Questions regarding this advisory or ISC's Support services should be
sent to dhcp-bugs at isc.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNQIUUAAoJEBOIp87tasiUlaQH+gOXliO8PKp9L3NHCYAQKRaa
wuxKvY7fmlx7D1zCzGUOJ1DWGMPkkXAsEyokAj85Dwt/Tz0+fzSAs3/EiivCxIlW
BC2CdNQgsXHP9asCqZ1V4cJBBbvIrxkmmKxUNijXpKBbyuLeoMRih1U3L+AK8Tz+
vwjnVzxd1V7iATLXGFvzjIBob6UyP+Uop3Iqhi3vdGBSMQglAgS/diU3XzBvuVRP
7UiW6aseWRMI2INYluodDj8I9O6JJ1yze9dpMp6WAIZU0t57w87Nxt/QEuLxD3kW
MQUd7guEqWzH2VtNczhDVisE0FkKx7KC75W6jXoUrrpFioVAU6f3m/7aUv8owsI=
=qgCJ
-----END PGP SIGNATURE-----



More information about the dhcp-workers mailing list