CVE-2009-1892

Published: 17 July 2009

dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.

Priority

Low

Status

Package Release Status
dhcp
Launchpad, Ubuntu, Debian
Upstream Needs triage

dhcp3
Launchpad, Ubuntu, Debian
Upstream
Released (3.1.3)

Notes

AuthorNote
jdstrand
POC does not work on Ubuntu 8.04 LTS and earlier, and report
states it is only 3.1 and higher
requires a somewhat broken configuration to exploit

References