What Are You Looking For?

Sign Up
Arch Linux Security Advisory ASA-201803-4
========================================
Severity: High
Date    : 2018-03-05
CVE-ID  : CVE-2018-5733
Package : dhcp
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-646

Summary
======
The package dhcp before version 4.4.1-1 is vulnerable to denial of
service.

Resolution
=========
Upgrade to 4.4.1-1.

# pacman -Syu "dhcp>=4.4.1-1"

The problem has been fixed upstream in version 4.4.1.

Workaround
=========
None.

Description
==========
A denial of service flaw was found in the way dhcpd handled reference
counting when processing client requests. A malicious DHCP client could
use this flaw to trigger a reference count overflow on the server side,
potentially causing dhcpd to crash, by sending large amounts of
traffic.

Impact
=====
A remote attacker is able to crash the dhcpd process by sending large
amounts of traffic.

References
=========
https://kb.isc.org/article/AA-01567
https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html
;a=commitdiff;h=197b26f25309f947b97a83b8fdfc414b767798f8
https://bugs.isc.org/Public/Bug/Display.html?id=47140
https://security.archlinux.org/CVE-2018-5733

ArchLinux: 201803-4: dhcp: denial of service

March 6, 2018

Summary

A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. A malicious DHCP client could use this flaw to trigger a reference count overflow on the server side, potentially causing dhcpd to crash, by sending large amounts of traffic.

Resolution

Upgrade to 4.4.1-1. # pacman -Syu "dhcp>=4.4.1-1"
The problem has been fixed upstream in version 4.4.1.

References

https://kb.isc.org/article/AA-01567 https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html ;a=commitdiff;h=197b26f25309f947b97a83b8fdfc414b767798f8 https://bugs.isc.org/Public/Bug/Display.html?id=47140 https://security.archlinux.org/CVE-2018-5733

Severity
Package : dhcp
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-646

Workaround

None.

Related News

Linux version of Qilin ransomware focuses on VMware ESXi

Dec 4, 2023

Tails 5.20 Brings Latest Tor Browser, Ditches AdGuard Filter List

Nov 29, 2023

How Meta Patches Linux at Hyperscale

Dec 2, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo