It was reported [1] that ISC dhcpd suffered from a bug related to processing an evaluated regular expression. If an attacker were able to send a DHCP Request packet, either directly or through a relay, they could remotely crash dhcpd if that server was configured to evaluate expressions using a regular expression (such as "~=" or "~~" comparison operators).

No further details have been released as of yet. Upstream indicates that 4.0.x and higher, including all EOL versions back to 4.0, 4.1-ESV, and 4.2.x, are affected, and that the issue is corrected in 4.1-ESV-R4 and 4.2.3-P1.

This flaw cannot be triggered if regular expressions are not used in the server's configuration files.

[1] http://www.isc.org/software/dhcp/advisories/cve-2011-4539
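To check whether a given server configuration uses the regular-expression operators named above, the following scanner reports each "~=" or "~~" that appears outside comments and quoted strings. It is an added example, not part of the original report or of ISC's code; the function name and the sample configuration are constructed for illustration, and include files are not followed.

```python
# Operators named in the report: "~=" and "~~" regular-expression comparisons.
REGEX_OPERATORS = ("~=", "~~")

def find_regex_use(conf_text):
    """Return [(line_number, operator)] for operators found in active config text."""
    hits = []
    lineno, i, state = 1, 0, "code"   # state: "code", "string" or "comment"
    while i < len(conf_text):
        ch = conf_text[i]
        if ch == "\n":
            lineno += 1
            if state == "comment":    # '#' comments end at the newline
                state = "code"
        elif state == "string":
            if ch == "\\":            # skip the escaped character
                if conf_text[i + 1:i + 2] == "\n":
                    lineno += 1
                i += 1
            elif ch == '"':
                state = "code"
        elif state == "code":
            if ch == "#":
                state = "comment"
            elif ch == '"':
                state = "string"
            elif conf_text[i:i + 2] in REGEX_OPERATORS:
                hits.append((lineno, conf_text[i:i + 2]))
                i += 1                # consume the second operator character
        i += 1
    return hits

# Constructed sample dhcpd.conf fragment (not taken from any real server).
SAMPLE_CONF = """\
# a "~=" inside a comment must not count
class "phones" {
  match if option vendor-class-identifier ~= "^Acme-Phone";
}
class "printers" {
  match if substring(option host-name, 0, 3) = "prn";  # exact compare
}
class "labs" {
  match if option host-name ~~ "lab[0-9]+";
}
option domain-name "example~=test";
"""

if __name__ == "__main__":
    for lineno, op in find_regex_use(SAMPLE_CONF):
        print(f"line {lineno}: uses {op}")
```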
Created attachment 542241
diff from 4.2.3 and 4.2.3-P1

Diff from 4.2.3 and 4.2.3-P1 with the following changelog comments:

Changes since 4.2.3

! Add a check for a null pointer before calling the regexec function. Without this check we could, under some circumstances, pass a null pointer to the regexec function causing it to segfault. Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]. CVE: CVE-2011-4539
Created dhcp tracking bugs for this issue

Affects: fedora-all [bug 765681]
This issue does not affect the version of the dhcp package as shipped with Red Hat Enterprise Linux 4 and 5.

This issue affects the version of the dhcp package as shipped with Red Hat Enterprise Linux 6.
Statement: This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4 and 5.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2011:1819 https://rhn.redhat.com/errata/RHSA-2011-1819.html
dhcp-4.2.3-4.P1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
dhcp-4.2.1-14.P1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.