Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-1892

Published: 17 July 2009

dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.

Notes

AuthorNote
jdstrand
POC does not work on Ubuntu 8.04 LTS and earlier, and report
states it is only 3.1 and higher
requires a somewhat broken configuration to exploit

Priority

Low

Status

Package Release Status
dhcp
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

upstream Needs triage

dhcp3
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Not vulnerable

intrepid Ignored
(end of life, was needed)
jaunty Ignored
(end of life)
karmic Ignored
(end of life)
lucid Not vulnerable
(3.1.3-2ubuntu3.2)
maverick Not vulnerable
(3.1.3-2ubuntu6.2)
natty Does not exist

upstream
Released (3.1.3)