ISC DHCP 4.1-ESV and 4.1.2-P1 are now available for download
Larissa Shapiro
larissas at isc.org
Wed Jan 26 20:30:52 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ISC DHCP 4.1-ESV and 4.1.2-P1 are now available for download.
These are security patch releases of ISC DHCP 4.1.2 and 4.1-ESV. The
security advisory is included below.
A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:
http://www.isc.org/software/dhcp
These releases and their OpenPGP signatures are available now from:
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.sha1.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1.tar.gz.sha512.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.sha1.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R1.tar.gz.sha512.asc
ISC's Release Signing Key can be obtained at:
http://www.isc.org/about/openpgp/
Changes since 4.1.2 and 4.1-ESV
! When processing a request in the DHCPv6 server code that specifies
an address that is tagged as abandoned (meaning we received a
decline request for it previously), don't attempt to move it from
the inactive to the active pool, as doing so can result in the server
crashing on an assert failure. Also retag the lease as active
and reset its timeout value.
[ISC-Bugs #21921]
Internet Systems Consortium Security Advisory
DHCP May Crash After Processing a DHCPv6 Decline Message
26 January 2011
Title: DHCP May Crash After Processing a DHCPv6 Decline Message
CVE-2011-0413
VU#686084
CVSS: 6.1
Vector Equation: (AV:A/AC:L/Au:N/C:N/I:N/A:C)
For more information on CVSS scores, visit
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
Posting date: 2011-01-26
Program Impacted: DHCP
Versions affected: 4.0.x-4.2.x
Severity: moderate
Exploitable: remotely
Description and Impact:
When the DHCPv6 server code processes a message for an address that was
previously declined and internally tagged as abandoned it can trigger an
assert failure resulting in the server crashing. This could be used to
crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
DHCPv4 servers are unaffected.
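To make the control flow behind the advisory and the change-log entry visible, here is a constructed Python model of the lease handling, added as an example here. It is not ISC's code and does not reproduce dhcpd's data structures: the pool, the `Lease` class, the `State` enum and the two `request_*` handlers are assumptions that only mirror the sequence the advisory describes (a Decline tags the lease abandoned and takes it out of both pools; a later request for that address then either trips an assertion on the pre-fix path or, on the fixed path, simply retags the lease active and resets its timeout without an inactive-to-active move).

```python
"""Constructed model of the DHCPv6 abandoned-lease crash (CVE-2011-0413).

This is NOT ISC dhcpd code. It is an assumed, simplified lease pool that
shows why handling an abandoned lease as an inactive->active move fails
and how the change-log fix (retag active, reset timeout, no move) avoids it.
"""
from enum import Enum


class State(Enum):
    ACTIVE = "active"        # lease currently held by a client
    INACTIVE = "inactive"    # expired or released; sits in the inactive pool
    ABANDONED = "abandoned"  # client sent a Decline; kept out of both pools


class Lease:
    def __init__(self, address, state, timeout=0):
        self.address = address
        self.state = state
        self.timeout = timeout


class Pool:
    """Hypothetical pool keeping active and inactive leases in separate maps."""

    def __init__(self, lease_time=3600):
        self.lease_time = lease_time
        self.active = {}    # address -> Lease
        self.inactive = {}  # address -> Lease
        self.by_addr = {}   # every lease the pool knows about, any state

    def add(self, lease):
        self.by_addr[lease.address] = lease
        if lease.state is State.ACTIVE:
            self.active[lease.address] = lease
        elif lease.state is State.INACTIVE:
            self.inactive[lease.address] = lease
        # ABANDONED leases are tracked in by_addr only

    def decline(self, address):
        """Client Decline: tag the lease abandoned and drop it from both pools."""
        lease = self.by_addr[address]
        self.active.pop(address, None)
        self.inactive.pop(address, None)
        lease.state = State.ABANDONED
        lease.timeout = 0
        return lease

    def request_buggy(self, address, now):
        """Pre-fix behaviour (modelled): treat every non-active lease as a
        move from the inactive pool and assert that the move is valid."""
        lease = self.by_addr[address]
        if lease.state is not State.ACTIVE:
            # An abandoned lease was removed from the inactive pool on Decline,
            # so this assertion fires: in the model that is the server crash.
            assert address in self.inactive, "lease must be in the inactive pool"
            del self.inactive[address]
            lease.state = State.ACTIVE
            self.active[address] = lease
        lease.timeout = now + self.lease_time
        return lease

    def request_fixed(self, address, now):
        """Post-fix behaviour (modelled on the 4.1.2-P1 change-log entry):
        an abandoned lease is retagged active and its timeout reset without
        any inactive->active move, so the assertion path is never taken."""
        lease = self.by_addr[address]
        if lease.state is State.ABANDONED:
            lease.state = State.ACTIVE
            self.active[address] = lease
        elif lease.state is State.INACTIVE:
            del self.inactive[address]
            lease.state = State.ACTIVE
            self.active[address] = lease
        lease.timeout = now + self.lease_time
        return lease


def decline_then_request(fixed, now=1_000_000):
    """Drive the advisory's sequence (Decline, then a request for the same
    address). Returns the resulting lease state, or 'crash' if the assert fires."""
    pool = Pool()
    pool.add(Lease("2001:db8::10", State.ACTIVE, timeout=now + 60))  # constructed
    pool.decline("2001:db8::10")
    handler = pool.request_fixed if fixed else pool.request_buggy
    try:
        lease = handler("2001:db8::10", now)
    except AssertionError:
        return "crash"
    return lease.state.value


if __name__ == "__main__":
    print("pre-fix server:", decline_then_request(fixed=False))   # crash
    print("patched server:", decline_then_request(fixed=True))    # active
```

The point of the model is the detection/mitigation angle rather than the internals: the crash is reachable by any client that can reach the server, which is why the advisory's workaround is to restrict which hosts can talk to the DHCPv6 service at all, and why the real fix is the version upgrade rather than configuration.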
Workarounds: No direct workaround.
Exposure to the vulnerability can be limited by reviewing the filters
and access controls in front of the DHCP server. It is highly recommended
to limit access to those devices which require the DHCP service, management
access, and systems monitoring.
Active exploits: None known.
Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1.
Questions regarding this advisory or ISC's Support services should be
sent to dhcp-bugs at isc.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNQIR6AAoJEBOIp87tasiUrz8H/3dw4SlrbPjkKo/UgdeGJD3q
x5Q0IiNM18SPFIhtXE1rJRyvq0FWZzbuEexPVyLMAoQYPqenoB3qBAaAUSFcvsH0
l9wiUTHoVR2+IUK8/NRaQftKfD/Vq541G+xxwoviOJj8JvnjdMPCdPPviPqwQcPP
gTUisLDHTw6K2CvNAVHNTRr6y8PoFIF1IDINA0XwtDOShefwhPEqpYVfTLoHxZ2V
c5NDqygG/lGFG9rn9GH7bFtE/3ptzbZx7p0nOeOBjm48Isx7ta7638ItTfeJuIhJ
CSI/j1xW95aBXEE8sWIkoxl7zYIF+E5Lh/+vA7v8W/GHbgz7X8OAY1OPRun9Mw4=
=84ut
-----END PGP SIGNATURE-----