InfoSec Handlers Diary Blog - ISC DHCP DHCPv6 Vulnerability

SANS ISC: InfoSec Handlers Diary Blog - ISC DHCP DHCPv6 Vulnerability

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

ISC DHCP DHCPv6 Vulnerability

Published: 2011-01-27
Last Updated: 2011-01-27 23:43:43 UTC
by Guy Bruneau (Version: 1)

The Internet Systems Consortium, the makers of the open source DHCP server, indicated the DHCPv6 service may crash after processing a DHCPv6 decline message. This vulnerability has been assigned CVE 2011-0413 and affect version 4.0.x-4.2.x and maybe remotely exploitable.

Note: This DoS only affects DHCPv6 servers and there is currently no workaround.

[1] https://lists.isc.org/pipermail/isc-os-security/2011-January/000000.html

[2] http://www.kb.cert.org/vuls/id/686084

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: DHCPv6 DoS

2 comment(s)

Top of page

Diary Archives