DHCP Security Advisories

This page lists all of the security advisories that ISC has released that pertain to ISC DHCP. Click on the title to see more information, or click on the CVE or VU number to see the corresponding CVE or CERT reports.

An Error in DDNS Processing of DHCPv6 Leases Can Cause a Crash in ISC dhcpd

Summary: 
Improper handling of Dynamic DNS information associated with DHCPv6 leases can cause a segmentation fault in ISC DHCP servers using IPv6 and Dynamic DNS, resulting in denial of service to clients.
CVE: 
CVE-2011-4868
Document Version: 
1.2
Posting date: 
12 Jan 2012
Program Impacted: 
DHCP
Versions affected: 
4.2.2, 4.2.3, 4.2.3-P1
Severity: 
High
Exploitable: 
remotely

Security Advisory - DHCP Regular Expressions Segfault

Summary: 
Segmentation fault from dhcpd while processing an evaluated regular expression
CVE: 
CVE-2011-4539
Document Version: 
1.2
Posting date: 
07 Dec 2011
Program Impacted: 
DHCP
Versions affected: 
4.0.x and higher, including all EOL versions back to 4.0, 4.1-ESV, and 4.2.x
Severity: 
Medium
Exploitable: 
remotely

ISC DHCP Server Halt

Summary: 
Two issues have been found in DHCP that could allow an attacker to cause the server to halt.
CVE: 
CVE-2011-2748
Document Version: 
1.1
Posting date: 
10 Aug 2011
Program Impacted: 
DHCP
Versions affected: 
3.1.0 through 3.1-ESV-R1 (R2 never released); 4.0 all versions (EOL); 4.1.0 through 4.1.2rc1; 4.1-ESV through 4.1-ESV-R3b1; 4.2.0 through 4.2.2rc1. All End-of-Life versions of DHCP server are likely to be affected, and ISC recommends upgrading to supported versions.
Severity: 
High
Exploitable: 
Remotely

DHCP: dhclient does not strip or escape shell meta-characters

Summary: 
dhclient doesn't strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or party with escalated privileges on the server to cause remote code execution on the client.
CVE: 
CVE-2011-0997
CERT: 
VU#107886
Document Version: 
1.1
Posting date: 
05 Apr 2011
Program Impacted: 
DHCP
Versions affected: 
3.0.x-4.2.x
Severity: 
Medium
Exploitable: 
remotely

DHCP May Crash After Processing a DHCPv6 Decline Message

Summary: 
Processing an address previously declined and tagged as abandoned can crash the server.
CVE: 
CVE-2011-0413
CERT: 
VU#686084
Document Version: 
1.1
Posting date: 
26 Jan 2011
Program Impacted: 
DHCP
Versions affected: 
4.0.x-4.2.x
Severity: 
Medium
Exploitable: 
remotely

DHCP: Server Hangs with TCP to Failover Peer Port

Summary: 
If a server receives a TCP connection on a port that has been configured for communication with a failover peer, this can cause it to become non-responsive to all normal DHCP protocol traffic.
CVE: 
CVE-2010-3616
CERT: 
VU#159528
Posting date: 
10 Dec 2010
Program Impacted: 
DHCP
Versions affected: 
4.2
Severity: 
High
Exploitable: 
remotely

DHCP: Server Crash with Empty Link-Address Field

Summary: 
If the server receives a DHCPv6 packet containing one or more Relay-Forward messages, and none of them supply an address in the Relay-Forward link-address field, then the server will crash. This can be used as a single packet crash attack vector.
CVE: 
CVE-2010-3611
CERT: 
VU#102047
Posting date: 
02 Nov 2010
Program Impacted: 
DHCP
Versions affected: 
4.0 through 4.2
Severity: 
High
Exploitable: 
remotely

DHCP: Fencepost error on zero-length client identifier

Summary: 
A request from a client containing a zero length client id will cause the server to exit.
CVE: 
CVE-2010-2156
CERT: 
VU#541921
Posting date: 
01 Jun 2010
Program Impacted: 
DHCP
Versions affected: 
4.0.x, 4.1.x, 4.2.x
Severity: 
High
Exploitable: 
remotely

DHCP host record fenceposting error

Summary: 
Versions of ISC dhcpd from 3.0.3 onward have a fenceposting error that causes dhcpd to exit if it observes a DHCP client that matches two host records: one by DHCP Client Identifier option, the other by hardware address.
CVE: 
CVE-2009-1892
Posting date: 
07 Oct 2009
Program Impacted: 
DHCP
Versions affected: 
3.0.3 and higher
Severity: 
Minor
Exploitable: 
remotely with "local knowledge"

DHCP Stack Overflow in 'dhclient' script_write_params()

Summary: 
ISC dhclient has a stack overflow vulnerability which makes it theoretically possible for a rogue DHCP server to execute arbitrary commands as root on the affected system through stack return subversion.
CVE: 
CVE-2009-0692
Posting date: 
14 Jul 2009
Program Impacted: 
DHCP
Versions affected: 
DHCP 4.1 (all versions), 4.0 (all versions), 3.1 (all versions), 3.0 (all versions), 2.0 (all versions)
Severity: 
High
Exploitable: 
remotely