Debian Security Advisory
DSA-2551-1 isc-dhcp -- denial of service
- Date Reported:
- 23 Sep 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-3955.
- More information:
Glen Eustace discovered that the ISC DHCP server, a server for automatic IP address assignment, is not properly handling changes in the expiration times of a lease. An attacker may use this flaw to crash the service and cause denial of service conditions, by reducing the expiration time of an active IPv6 lease.
For the stable distribution (squeeze), this problem has been fixed in version 4.1.1-P1-15+squeeze8.
For the testing distribution (wheezy), this problem has been fixed in version 4.2.2.dfsg.1-5+deb70u1.
For the unstable distribution (sid), this problem has been fixed in version 4.2.4-2.
We recommend that you upgrade your isc-dhcp packages.