CVE-2006-3122

Name of the Vulnerable Software and Affected Versions ISC DHCP (dhcpd) server version 2.0pl5

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by sending a DHCPDISCOVER packet with a 32 byte client-identifier, which is interpreted as a corrupt uid, causing the server to exit with a "corrupt lease uid" error.

Recommendations For ISC DHCP (dhcpd) server version 2.0pl5, consider restricting access to the supersede lease function in memory.c until a patch is available. As a temporary workaround, avoid using client-identifiers of 32 bytes in DHCPDISCOVER packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.