CVE-2011-4868

Name of the Vulnerable Software and Affected Versions dhcp versions prior to 4.2.4 p2 ISC DHCP versions prior to 4.2.3-P2

Description The issue concerns the dhcp package in Gentoo Linux and ISC DHCP, where multiple vulnerabilities can be exploited to disrupt the availability of protected information. The logging functionality in dhcpd, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure. This allows remote attackers to cause a denial of service via crafted packets related to a lease-status update, resulting in a NULL pointer dereference and daemon crash.

Recommendations For dhcp versions prior to 4.2.4 p2, update to version 4.2.4 p2 or later to resolve the issue. For ISC DHCP versions prior to 4.2.3-P2, update to version 4.2.3-P2 or later to resolve the issue. As a temporary workaround, consider disabling the Dynamic DNS (DDNS) functionality until a patch is available. Restrict access to the dhcpd service to minimize the risk of exploitation.