PT-2011-1204 · Isc+2 · Dhcp+2

Published 2011-12-08 · Updated 2024-06-15 · CVE-2011-4539

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

dhcp versions prior to 4.2.4 p2
ISC DHCP 4.x versions prior to 4.2.3-P1
ISC DHCP 4.1-ESV versions prior to 4.1-ESV-R4

Description

The issue is related to multiple vulnerabilities in the dhcp package that can be exploited remotely, leading to a denial of service and potentially disrupting the availability of protected information. Specifically, dhcpd in ISC DHCP does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to crash the daemon via a crafted request packet.

Recommendations

For dhcp versions prior to 4.2.4 p2, update to version 4.2.4 p2 or later to resolve the issue.
For ISC DHCP 4.x versions prior to 4.2.3-P1, update to version 4.2.3-P1 or later to resolve the issue.
For ISC DHCP 4.1-ESV versions prior to 4.1-ESV-R4, update to version 4.1-ESV-R4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the dhcpd.conf file to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2015-09699
CESA-2011_1819
CVE-2011-4539
DSA-2519-1
DSA-2519-2
OPENSUSE-SU-2024:10358-1
RHSA-2011:1819
RHSA-2011_1819

Affected Products

CentOS
Red Hat
Dhcp