ISC DHCP and the "GHOST" vulnerability (CVE-2015-0235)
Michael McNally
mcnally at isc.org
Wed Feb 11 21:02:26 UTC 2015
Hello,
ISC has received queries from several customers concerning CVE-2015-0235
(also known as "GHOST": a vulnerability affecting the gethostbyname()
library call and closely related calls in the GNU C library, glibc.)
After examining the ISC DHCP code for instances where the vulnerable
library routines are used, our opinion is that the GHOST vulnerability
does not represent a significant security threat to dhcpd and does not
require a special security release of ISC DHCP.
Nevertheless, given that the vulnerability is present in a library call
widely used by many programs on a typical system we strongly recommend
that server operators with an affected version of glibc update their
library with a secured version of glibc if you have not already done so.
Michael McNally
ISC Support
More information about the dhcp-users
mailing list