Bug 781242 (CVE-2011-4868)
Summary: | CVE-2011-4868 dhcp: error in DDNS processing of DHCPv6 leases can cause ISC dhcpd crash | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | Severity: | medium |
Priority: | medium | Version: | unspecified |
CC: | jpopelka | Keywords: | Reopened, Security |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2012-01-22 13:13:24 UTC |
Bug Depends On: | 781246 | Bug Blocks: | 781245 |

Description
Kurt Seifried
2012-01-13 03:33:23 UTC
Created dhcp tracking bugs for this issue

Affects: fedora-all [bug 781246]

Confirmed that the DDNS logging code (e.g. the function update_lease_failed()) was added in version 4.2.2. Checked 4.1.1 and 4.2.1 code against the code fixed by this security update; both 4.2.1 and 4.1.1 lack the DDNS logging code that is vulnerable (the function update_lease_failed() is not present in older versions).

Statement: Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not include support for enhanced DDNS logging.

dhcp-4.2.3-5.P2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.