CVE-2009-1892
Published: 17 July 2009
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
Notes
Author | Note |
---|---|
jdstrand | POC does not work on Ubuntu 8.04 LTS and earlier, and report states it is only 3.1 and higher requires a somewhat broken configuration to exploit |
Priority
Status
Package | Release | Status |
---|---|---|
dhcp Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
dhcp3 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Not vulnerable
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(3.1.3-2ubuntu3.2)
|
|
maverick |
Not vulnerable
(3.1.3-2ubuntu6.2)
|
|
natty |
Does not exist
|
|
upstream |
Released
(3.1.3)
|