DHCP Security Advisories

This page lists all of the security advisories that ISC has released that pertain to ISC DHCP. Click on the title to see more information, or click on the CVE or VU number to see the corresponding CVE or CERT reports.

A Vulnerability in libdns Could Cause Excessive Memory Use in ISC DHCP 4.2

Summary: 
A memory exhaustion bug has been discovered in libdns, which is used by ISC DHCP 4.2. Theoretically this could be exploited to cause memory exhaustion in ISC DHCP 4.2.
CVE: 
CVE-2013-2494
Document Version: 
1.0
Posting date: 
26 Mar 2013
Program Impacted: 
DHCP
Versions affected: 
4.2.0 -> 4.2.5
Severity: 
Low
Exploitable: 
from adjacent networks

Reducing the Expiration Time for an IPv6 Lease May Cause the Server to Crash

Summary: 
ISC has discovered that reducing the expiration time for an active IPv6 lease may cause the server to crash.
CVE: 
CVE-2012-3955
Document Version: 
2.0
Posting date: 
12 Sep 2012
Program Impacted: 
DHCP
Versions affected: 
4.1.x, 4.2.x
Severity: 
Medium
Exploitable: 
Remotely

Memory Leaks Found in ISC DHCP

Summary: 
Two memory leaks have been found and fixed in ISC DHCP. Both are reproducible when running in DHCPv6 mode (with the -6 command-line argument.) The first leak is confirmed to only affect servers operating in DHCPv6 mode, but based on initial code analysis the second may theoretically affect DHCPv4 servers (though this has not been demonstrated.)
CVE: 
CVE-2012-3954
Document Version: 
2.1
Posting date: 
24 Jul 2012
Program Impacted: 
DHCP
Versions affected: 
4.1.x and 4.2.x
Severity: 
Medium
Exploitable: 
locally

An Error in the Handling of an Unexpected Client Identifiers can Cause Server Crash When Serving DHCPv6

Summary: 
An error in the handling of an unexpected client identifiers can cause a server crash when serving DHCPv6.
CVE: 
CVE-2012-3570
Document Version: 
2.1
Posting date: 
24 Jul 2012
Program Impacted: 
DHCP
Versions affected: 
4.2.0 --> 4.2.4
Severity: 
High
Exploitable: 
Adjacent networks

An Error in the Handling of Malformed Client Identifiers can Cause a Denial-of-Service Condition in Affected Servers

Summary: 
An error in the handling of malformed client identifiers can cause a denial-of-service condition in affected servers.
CVE: 
CVE-2012-3571
Document Version: 
2.1
Posting date: 
24 Jul 2012
Program Impacted: 
DHCP
Versions affected: 
4.2.0 (including 4.2.x-Px) to 4.2.4; 4.1-ESV through 4.1-ESV-R5; 4.1.2, 4.1.2-P1
Severity: 
High
Exploitable: 
locally

An Error in DDNS Processing of DHCPv6 Leases Can Cause a Crash in ISC dhcpd

Summary: 
Improper handling of Dynamic DNS information associated with DHCPv6 leases can cause a segmentation fault in ISC DHCP servers using IPv6 and Dynamic DNS, resulting in denial of service to clients.
CVE: 
CVE-2011-4868
Document Version: 
1.2
Posting date: 
12 Jan 2012
Program Impacted: 
DHCP
Versions affected: 
4.2.2, 4.2.3, 4.2.3-P1
Severity: 
High
Exploitable: 
remotely

Security Advisory - DHCP Regular Expressions Segfault

Summary: 
Segmentation fault from dhcpd while processing an evaluated regular expression
CVE: 
CVE-2011-4539
Document Version: 
1.2
Posting date: 
07 Dec 2011
Program Impacted: 
DHCP
Versions affected: 
4.0.x and higher, including all EOL versions back to 4.0, 4.1-ESV, and 4.2.x
Severity: 
Medium
Exploitable: 
remotely

ISC DHCP Server Halt

Summary: 
Two issues have been found in DHCP that could allow an attacker to cause the server to halt.
CVE: 
CVE-2011-2748
Document Version: 
1.1
Posting date: 
10 Aug 2011
Program Impacted: 
DHCP
Versions affected: 
3.1.0 through 3.1-ESV-R1 (R2 never released) 4.0 all versions (EOL) 4.1.0 through 4.1.2rc1 4.1-ESV through 4.1-ESV-R3b1 4.2.0 through 4.2.2rc1 All End-of-Life versions of DHCP server are likely to be affected and ISC recommends upgrading to supported versions.
Severity: 
High
Exploitable: 
Remotely

DHCP: dhclient does not strip or escape shell meta-characters

Summary: 
dhclient doesn't strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or party with with escalated privileges on the server to cause remote code execution on the client.
CVE: 
CVE-2011-0997
CERT: 
VU#107886
Document Version: 
1.1
Posting date: 
05 Apr 2011
Program Impacted: 
DHCP
Versions affected: 
3.0.x-4.2.x
Severity: 
Medium
Exploitable: 
remotely

DHCP May Crash After Processing a DHCPv6 Decline Message

Summary: 
Processing an address previously declined and tagged as abandoned can crash the server.
CVE: 
CVE-2011-0413
CERT: 
VU#686084
Document Version: 
1.1
Posting date: 
26 Jan 2011
Program Impacted: 
DHCP
Versions affected: 
4.0.x-4.2.x
Severity: 
Medium
Exploitable: 
remotely
Share this