Bug 672755 - (CVE-2011-0413) CVE-2011-0413 dhcp: unexpected abort caused by a DHCPv6 decline message
CVE-2011-0413 dhcp: unexpected abort caused by a DHCPv6 decline message
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 672994 672995 672996
  Show dependency treegraph
Reported: 2011-01-26 04:13 EST by Tomas Hoger
Modified: 2011-04-19 04:10 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-04-19 04:10:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
diff of upstream 4.1.2 and 4.1.2-P1 (3.14 KB, patch)
2011-01-26 18:20 EST, Vincent Danen
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2011-01-26 04:13:17 EST
We've been notified by ISC about the upcoming security advisory for ISC DHCP.  This issue affects DHCPv6 server:

  When the DHCPv6 server code processes a message for an address that was
  previously declined and internally tagged as abandoned it can trigger an
  assert failure resulting in the server crashing. This could be used to
  crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
  DHCPv4 servers are unaffected.

  Versions affected: 4.0.x-4.2.x
  Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1

This also got US-CERT id VU#686084: http://www.kb.cert.org/vuls/id/686084


Red Hat would like to thank Internet Systems Consortium for reporting this issue.
Comment 4 Vincent Danen 2011-01-26 18:19:17 EST
This is now public:

Comment 5 Vincent Danen 2011-01-26 18:20:35 EST
Created attachment 475495 [details]
diff of upstream 4.1.2 and 4.1.2-P1

This is the relevant changes from upstream for this issue; 4.1.2-P1 only fixed this issue and nothing else; all the other changes omitted are copyright/$Id$ changes.
Comment 7 Vincent Danen 2011-01-26 18:22:40 EST
Created dhcp tracking bugs for this issue

Affects: fedora-all [bug 672996]
Comment 8 errata-xmlrpc 2011-02-15 13:47:08 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0256 https://rhn.redhat.com/errata/RHSA-2011-0256.html

Note You need to log in before you can comment on or make changes to this bug.