Gentoo Linux Security Advisory 201301-6 - Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service. Versions less than 4.2.4_p2 are affected.
52ff96ed35904c6394d9f7d674251ad0c4071daa8bc2b1b6ef5a6f6de136a80b
Debian Linux Security Advisory 2519-2 - It was discovered that the recent update for isc-dhcp, did not contain the patched code included in the source package. Due to quirk in the build system those patches were deapplied during the build process.
56cde2d842365388e86b4e3822e43e10f8a15d275662e2a0613a84e1fe731f1c
Red Hat Security Advisory 2012-1141-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests.
fc9a322a2de7ef4e978afd80e16657d60814c3b522011ed6e9b40e2bd8d9a601
Red Hat Security Advisory 2012-1140-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of this issue.
8b07e2dc453135e1290fae4b34fd3618aeea3cedff85d00f592a71055720c29b
Debian Linux Security Advisory 2519-1 - Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.
e479c19eca6b0a977ba08f2378c2c6d472b961bb6278e8c807d1506c363ab2e5
Proof of concept denial of service exploit for the zero length client id infinite loop vulnerability in DHCP version 4.1.2.
866407d6a01490397a0a69ab14d8818f3272133757b74cb32940ac7e6d151ada
Mandriva Linux Security Advisory 2012-116 - An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been patched to correct these issues.
7c7457010e58268c50229d55072e4bb9e57280b85c47418c4fa50b728f6834c8
Mandriva Linux Security Advisory 2012-115 - An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been upgraded to the latest version which is not affected by these issues.
a3724f3805b0b02ba67820a614a721acf82fab981a7946ece56835acdc445a6d
Ubuntu Security Notice 1519-1 - Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.
c72b8e80450c3e9e34484ae7fd0643ad157493cf28d7fca26110d4ee52010399
Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.
074f53e4757eadf5549b496a0e1a2f3052b4631cb7e6cc36d0f0d9d7d8165ad8