ISC DHCP 4.1-ESV and 4.1.2-P1 are now available for download

Larissa Shapiro larissas at
Wed Jan 26 20:33:26 UTC 2011

ISC DHCP 4.1-ESV and 4.1.2-P1 are now available for download.

These are security patch releases of ISC DHCP 4.1.2 and 4.1-ESV. The
security advisory is included below.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

This release, and its OpenPGP-signatures are available now from:

ISC's Release Signing Key can be obtained at:

		Changes since 4.1.2 and 4.1-ESV

! When processing a request in the DHCPv6 server code that specifies
  an address that is tagged as abandoned (meaning we received a
  decline request for it previously) don't attempt to move it from
  the inactive to active pool as doing so can result in the server
  crashing on an assert failure.  Also retag the lease as active
  and reset its timeout value.
  [ISC-Bugs #21921]

	Internet Systems Consortium Security Advisory
    DHCP May Crash After Processing a DHCPv6 Decline Message
			26 January 2011

Title: DHCP May Crash After Processing a DHCPv6 Decline Message

CVE#: 2011-0413

VU#: 686084

CVSS: 6.1
Vector Equation: (AV:A/AC:L/Au:N/C:N/I:N/A:C)

For more information on CVSS scores, visit

Posting date: 2011-01-26

Program Impacted: DHCP

Versions affected: 4.0.x-4.2.x

Severity: moderate

Exploitable: remotely

Description and Impact:

When the DHCPv6 server code processes a message for an address that was
previously declined and internally tagged as abandoned it can trigger an
assert failure resulting in the server crashing. This could be used to
crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
DHCPv4 servers are unaffected.

Workarounds: No direct workaround.

Exposure to the vulnerability can be limited by a review of the filters
and access to the DHCP server. It is highly recommended to limit access
to those devices which require DHCP server, management access, and
systems monitoring.

Active exploits: None known.

Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1.

Questions regarding this advisory or ISC's Support services should be
sent to dhcp-bugs at
