[pkg-dhcp-devel] Bug#652259: [CVE-2011-4539] DoS with regular expressions in dhcpd.conf

Florian Weimer fw at deneb.enyo.de
Thu Dec 15 18:27:14 UTC 2011

Package: isc-dhcp
Version: 4.1.1-P1-15+squeeze3
Tags: security upstream fixed-upstream
Severity: important

A security bug in dhcpd has been disclosed:

| dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4
| does not properly handle regular expressions in dhcpd.conf, which
| allows remote attackers to cause a denial of service (daemon crash)
| via a crafted request packet.


I'm not sure if this warrants a DSA on its own.

More information about the pkg-dhcp-devel mailing list