isc-dhcp: CVE-2016-2774: An attacker who is allowed to connect to DHCP inter-server communications and control channels can exhaust server resources

Related Vulnerabilities: CVE-2016-2774  

Debian Bug report logs - #817158

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 8 Mar 2016 15:51:02 UTC

Severity: important

Tags: security, upstream

Found in versions isc-dhcp/4.2.2.dfsg.1-1, isc-dhcp/4.2.2.dfsg.1-5

Fixed in versions isc-dhcp/4.3.4~b1-1, isc-dhcp/4.3.4-1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#817158; Package src:isc-dhcp. (Tue, 08 Mar 2016 15:51:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Tue, 08 Mar 2016 15:51:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: isc-dhcp: CVE-2016-2774: An attacker who is allowed to connect to DHCP inter-server communications and control channels can exhaust server resources
Date: Tue, 08 Mar 2016 16:49:46 +0100
Source: isc-dhcp
Version: 4.2.2.dfsg.1-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for isc-dhcp. Filing the bug
to track the issue as well in the BTS.

CVE-2016-2774[0]:
|An attacker who is allowed to connect to DHCP inter-server
|communications and control channels can exhaust server resources

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-2774
[1] https://kb.isc.org/article/AA-01354

Regards,
Salvatore



Marked as fixed in versions isc-dhcp/4.3.4~b1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 26 Mar 2016 13:57:03 GMT)


Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sat, 16 Apr 2016 19:09:21 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 16 Apr 2016 19:09:21 GMT)


Message #12 received at 817158-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 817158-close@bugs.debian.org
Subject: Bug#817158: fixed in isc-dhcp 4.3.4-1
Date: Sat, 16 Apr 2016 19:05:32 +0000
Source: isc-dhcp
Source-Version: 4.3.4-1

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 817158@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 05 Apr 2016 03:27:34 +0000
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-ddns isc-dhcp-client-udeb isc-dhcp-relay
Architecture: source
Version: 4.3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 isc-dhcp-client - DHCP client for automatically obtaining an IP address
 isc-dhcp-client-ddns - Dynamic DNS (DDNS) enabled DHCP client
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all of the isc-dhcp packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend
Closes: 765910 817158
Changes:
 isc-dhcp (4.3.4-1) unstable; urgency=medium
 .
   * New upstream stable release (closes: #817158).
   * Touch dhcpd.leases in the server init script (closes: 765910).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 20 May 2016 07:32:43 GMT)


Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 21 Jun 2016 18:48:05 GMT)


Marked as found in versions isc-dhcp/4.2.2.dfsg.1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 21 Jun 2016 18:48:08 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 20 Jul 2016 07:31:45 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:02:53 2019; Machine Name: buxtehude
