(LiveHacking.Com) – The Internet Systems Consortium, Inc. (ISC), the non-profit company which develops software for the infrastructure of the Internet (like BIND and DHCP), is reporting that two issues have been found in its DHCP server that could allow an attacker to cause the server to crash.
According to the advisory, the ISC received a report from David Zych from the University of Illinois about a crash in the DHCP server when it tries to process certain types of packets. Upon investigation, ISC found another similar bug alongside the one reported by David. The patch issued by the ISC fixes the code to properly discard or process those packets.
Affected versions of the DHCP server are 3.1.0 through 3.1-ESV-R1, all versions of 4.0 (as it has reached EOL), 4.1.0 through 4.1.2rc1, 4.1-ESV through 4.1-ESV-R3b1 and 4.2.0 through 4.2.2rc1. The currently supported and patched versions are 3.1-ESV-R3, 4.1-ESV-R3 and 4.2.2.
The advisory also notes that this is the last update to 3.1-ESV as it will reach End-of-Life after this release.