[pkg-dhcp-devel] Bug#611217: CVE-2011-0413: crash after DHCPv6 decline message

Adam D. Barratt adam at adam-barratt.org.uk
Wed Jan 26 21:39:15 UTC 2011


user release.debian.org at packages.debian.org
usertag 611217 + squeeze-can-defer
tag 611217 + squeeze-ignore
thanks

On Wed, 2011-01-26 at 15:24 -0600, Raphael Geissert wrote:
> > When the DHCPv6 server code processes a message for an address that was
> > previously declined and internally tagged as abandoned it can trigger an
> > assert failure resulting in the server crashing. This could be used to
> > crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
> > DHCPv4 servers are unaffected.

This sounds like it can be fixed after release if need be; tagging as
not a blocker.

Regards,

Adam





