CVE-2009-1892

Description

dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.

How to fix CVE-2009-1892

To remediate CVE-2009-1892, upgrade the affected package to a fixed version below.

• Debian/isc-dhcp—upgrade to 3.1.2p1-2 or later

Is CVE-2009-1892 being exploited?

Moderate — EPSS is 6.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 3.1.2p1-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-1892