Hide Forgot
A security flaw was found in the way DHCP (Dynamic Host Configuration Protocol) server processed remote connections when the dhcpd was configured to provide Object Management API (OMAPI) capability. A remote attacker could use this flaw to cause denial of service (excessive CPU use and dhcpd daemon unreachability). References: [1] https://bugzilla.novell.com/show_bug.cgi?id=680298 [2] https://lists.isc.org/pipermail/dhcp-users/2011-February/012780.html [3] https://lists.isc.org/pipermail/dhcp-users/2011-February/012781.html [4] https://bugzilla.redhat.com/show_bug.cgi?id=666441 [5] http://www.mentby.com/Group/dhcp-users/omapi-not-working-in-420.html
This issue did NOT affect the versions of the dhcp package, as shipped with Red Hat Enterprise Linux 4, 5, or 6. -- This issue did NOT affect the version of the dhcp package, as shipped with Fedora release of 13.
This is fixed in Fedora 14 and higher: * Mon Jan 03 2011 Jiri Popelka <jpopelka> - 12:4.2.0-17.P2 - Fix OMAPI (#666441)
Statement: Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4, 5, or 6.