An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server . ISC DHCP versions 4.2.x through to 4.2.4 are affected, as well as 4.1.x. Earlier versions may also be vulnerable. Acknowledgements: Upstream acknowledges Markus Hietava of Codenomicon CROSS project as the original reporter of this issue.
This is now public: https://kb.isc.org/article/AA-00712
Created dhcp tracking bugs for this issue Affects: fedora-all [bug 842892]
dhcp-4.2.4-9.P1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1141 https://rhn.redhat.com/errata/RHSA-2012-1141.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1140 https://rhn.redhat.com/errata/RHSA-2012-1140.html
dhcp-4.2.3-11.P2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.