[pkg-dhcp-devel] Bug#652259: [CVE-2011-4539] DoS with regular expressions in dhcpd.conf
Florian Weimer
fw at deneb.enyo.de
Thu Dec 15 18:27:14 UTC 2011
Package: isc-dhcp
Version: 4.1.1-P1-15+squeeze3
Tags: security upstream fixed-upstream
Severity: important
A security bug in dhcpd has been disclosed:
| dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4
| does not properly handle regular expressions in dhcpd.conf, which
| allows remote attackers to cause a denial of service (daemon crash)
| via a crafted request packet.
<https://www.isc.org/software/dhcp/advisories/cve-2011-4539>
I'm not sure if this warrants a DSA on its own.
More information about the pkg-dhcp-devel
mailing list