DoS by sending message over IPv6 for a declined and abandoned address.
Bug #720729 reported by
Dave Walker
on 2011-02-17
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | isc-dhcp (Debian) |
Fix Released
|
Unknown
|
||
| | isc-dhcp (Ubuntu) |
Undecided
|
Dave Walker | ||
Bug Description
"The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address."
Related branches
lp:~davewalker/ubuntu/natty/isc-dhcp/lp_720729
- Ubuntu Security Sponsors Team: Pending requested 2011-02-17
- Ubuntu Sponsors Team: Pending requested 2011-02-17
-
Diff: 99 lines (+76/-0)3 files modifieddebian/changelog (+12/-0)
debian/patches/00list (+2/-0)
debian/patches/CVE-2011-0413.dpatch (+62/-0)
CVE References
Dave Walker (davewalker)
on 2011-02-17
| visibility: | private → public |
Bug Watch Updater (bug-watch-updater)
on 2011-02-17
| Changed in isc-dhcp (Debian): | |
| status: | Unknown → Fix Released |
Dave Walker (davewalker)
on 2011-02-17
| Changed in isc-dhcp (Ubuntu): | |
| assignee: | nobody → Dave Walker (davewalker) |
| status: | New → In Progress |
| Launchpad Janitor (janitor) wrote : | #1 |
| Changed in isc-dhcp (Ubuntu): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This bug was fixed in the package isc-dhcp - 4.1.1-P1-15ubuntu3
---------------
isc-dhcp (4.1.1-
* SECURITY UPDATE: denial of service via processing of message from an address
that was previously declined, causing assert failure. (LP: #720729)
- debian/
address in isc-dhcp/
a sane expiration value. Based on changes between upstream releases
4.1.2 and 4.1.2-P1
- CVE-2011-0413
-- Dave Walker (Daviey) <email address hidden> Thu, 17 Feb 2011 16:24:57 +0000