PT-2009-6673 · Isc+1 · Dhcp3-Relay+8
Christoph Biedl · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-1892
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
dhcp3-server versions 3.0.4 through 3.1.1
dhcp versions prior to 3.1.2 p1
dhcp3-client (affected versions not specified)
dhcp3-relay (affected versions not specified)
dhcp3-dev (affected versions not specified)
dhcp3-client-udeb (affected versions not specified)
dhcp3-server-ldap (affected versions not specified)
dhcp3-common (affected versions not specified)
Description
The issue involves multiple vulnerabilities in the DHCP package of Debian GNU/Linux that can compromise the confidentiality, integrity, and availability of protected information. They can be exploited remotely. In dhcpd, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, remote attackers can cause a denial of service via unspecified requests.
Recommendations
For dhcp3-server versions 3.0.4 through 3.1.1, update to a version later than 3.1.1.
For dhcp versions prior to 3.1.2 p1, update to version 3.1.2 p1 or later.
For dhcp3-client, dhcp3-relay, dhcp3-dev, dhcp3-client-udeb, dhcp3-server-ldap, and dhcp3-common, there is currently no information about a newer version that contains a fix for this vulnerability.
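To check whether a server's configuration matches the condition named in the description, the following added example (not part of the advisory or of the DHCP package) lists host declarations in a dhcpd.conf that set both hardware ethernet and dhcp-client-identifier. Treating the condition per host declaration is an assumption, the function names are hypothetical, and the sample configuration is constructed.

```python
import re
import sys

# Constructed sample dhcpd.conf for the demonstration (not from the advisory).
SAMPLE_CONF = '''
group {
  host printer {                      # both settings present
    hardware ethernet 00:11:22:33:44:55;
    option dhcp-client-identifier "printer-1";
  }
  host kiosk { hardware ethernet 00:11:22:33:44:66; fixed-address 192.0.2.11; }
}
host laptop { option dhcp-client-identifier 01:00:11:22:33:44:77; }
# host old { hardware ethernet 00:00:00:00:00:01; option dhcp-client-identifier "x"; }
'''

COMMENT_RE = re.compile(r'("[^"\n]*")|#[^\n]*')
HOST_RE = re.compile(r'\bhost\s+([^\s{;]+)\s*\{')
HW_RE = re.compile(r'\bhardware\s+ethernet\s')
CID_RE = re.compile(r'\boption\s+dhcp-client-identifier\s')


def strip_comments(text):
    """Drop '#' comments; a '#' inside a double-quoted string is kept."""
    return COMMENT_RE.sub(lambda m: m.group(1) or '', text)


def hosts_with_both(conf_text):
    """Return names of host declarations that use both settings (assumed per-host check)."""
    text = strip_comments(conf_text)
    flagged = []
    for m in HOST_RE.finditer(text):
        # Walk to the brace that closes this host block, tracking nesting.
        depth, pos = 1, m.end()
        while pos < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[pos], 0)
            pos += 1
        body = text[m.end():pos]
        if HW_RE.search(body) and CID_RE.search(body):
            flagged.append(m.group(1))
    return flagged


if __name__ == '__main__':
    # Pass the path to a dhcpd.conf as the first argument, or run on the sample.
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name in hosts_with_both(conf):
        print(f'host {name}: hardware ethernet and dhcp-client-identifier both set')
```

Settings inherited from an enclosing group or pulled in through include files are not resolved by this check, so a clean result does not replace the update recommended above.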
Buffer Overflow
Affected Products
Debian
Dhcp
Dhcp3-Client
Dhcp3-Client-Udeb
Dhcp3-Common
Dhcp3-Dev
Dhcp3-Relay
Dhcp3-Server
Dhcp3-Server-Ldap