In association with heise online

12 August 2011, 11:55

Security update for ISC's DHCP server

ISC has released a security update for its DHCP server to remove two denial-of-service vulnerabilities. According to the report, the server can be made to halt upon processing certain packets. With a DHCP server effectively down, clients on the network would no longer receive IP addresses and would therefore not be able to usefully connect to the network. The fix patches the system to correctly discard or process the packets that cause the problem.

The problem affects all end-of-life (EOL) versions of DHCP, version 3.1.0 through to 3.1-ESV-R1, all versions of 4.0 (now EOL), 4.1.0 to 4.1.2.rc1, 4.1-ESV to 4.1-ESV-R3b1 and 4.2.0 to 4.2.2rc1. The company recommends that users upgrade to supported versions from the company's download page (3.1-ESV-R3, 4.1-ESV-R3 or the current production release, 4.2.2).

ISC rates the severity of the problem as high but says that no public exploits of the problem are known. One of the problems was reported by a user at the University of Illinois and the other was discovered during testing. ISC's DHCP server is available under the ISC Licence.

