Lucene search

Gentoo FoundationGLSA-201401-05

HistoryJan 06, 2014 - 12:00 a.m.

ISC DHCP: Denial of service

2014-01-0600:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:N/I:N/A:C

EPSS

0.001

Percentile

34.8%

JSON

Background

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

Description

ISC DHCP is vulnerable to a memory exhaustion attack involving regular expressions sent by DHCP clients.

Impact

A remote attacker could send a specially crafted request from a malicious or spoofed client, potentially leading to a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All ISC DHCP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-4.2.5_p1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/dhcp< 4.2.5_p1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-misc/dhcp	< 4.2.5_p1	UNKNOWN

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:N/I:N/A:C

EPSS

0.001

Percentile

34.8%

JSON

Related for GLSA-201401-05