ISC DHCP 4.1-ESV and 4.1.2-P1 are now available for download
larissas at isc.org
Wed Jan 26 20:33:26 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
ISC DHCP 4.1-ESV and 4.1.2-P1 are now available for download.
These are security patch releases of ISC DHCP 4.1.2 and 4.1-ESV. The
security advisory is included below.
A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:
This release, and its OpenPGP-signatures are available now from:
ISC's Release Signing Key can be obtained at:
Changes since 4.1.2 and 4.1-ESV
! When processing a request in the DHCPv6 server code that specifies
an address that is tagged as abandoned (meaning we received a
decline request for it previously) don't attempt to move it from
the inactive to active pool as doing so can result in the server
crshing on an assert failure. Also retag the lease as active
and reset it's timeout value.
Internet Systems Consortium Security Advisory
DHCP May Crash After Processing a DHCPv6 Decline Message
26 January 2011
Title: DHCP May Crash After Processing a DHCPv6 Decline Message
Vector Equation: (AV:A/AC:L/Au:N/C:N/I:N/A:C)
For more information on CVSS scores, visit
Posting date: 2011-01-26
Program Impacted: DHCP
Versions affected: 4.0.x-4.2.x
Description and Impact:
When the DHCPv6 server code processes a message for an address that was
previously declined and internally tagged as abandoned it can trigger an
assert failure resulting in the server crashing. This could be used to
crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
DHCPv4 servers are unaffected.
Workarounds: No direct workaround.
Exposure to the vulnerability can be limited by a review of the filters
and access to the DHCP server. It is highly recommended to limit access
to those devices which require DHCP server, management access, and
Active exploits: None known.
Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1.
Questions regarding this advisory or ISC's Support services should be
sent to dhcp-bugs at isc.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the dhcp-workers