The Internet Systems Consortium, the makers of the open source DHCP server, indicated the DHCPv6 service may crash after processing a DHCPv6 decline message. This vulnerability has been assigned CVE 2011-0413 and affect version 4.0.x-4.2.x and maybe remotely exploitable. Note: This DoS only affects DHCPv6 servers and there is currently no workaround. [1] https://lists.isc.org/pipermail/isc-os-security/2011-January/000000.html [2] http://www.kb.cert.org/vuls/id/686084 ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org |
Guy 495 Posts ISC Handler Jan 27th 2011 |
Thread locked Subscribe |
Jan 27th 2011 1 decade ago |
Another reason to get DNS server information added to IPv6 router advertisements, and make DHCP obsolete in IPv6.
|
oleksiy 34 Posts |
Quote |
Jan 28th 2011 1 decade ago |
- http://www.securitytracker.com/id/1024999
Jan 28 2011 - "... Solution: The vendor has issued a fix (4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1). The vendor's advisory is available at: Vendor URL: www.isc.org/software/dhcp/advisories/cve-2011-0413 "... Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1..." . |
Jack 160 Posts |
Quote |
Jan 28th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!