CVE-2011-4539
isc-dhcp - denial of service
EPSS 32.3%
Description
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
How to fix CVE-2011-4539
To remediate CVE-2011-4539, upgrade the affected package to one of the fixed versions listed below.
- Debian/isc-dhcp: upgrade to 4.2.2.dfsg.1-5 or later
- Debian/isc-dhcp: upgrade to 4.1.1-P1-15+squeeze5 or later
- Debian/isc-dhcp: upgrade to 4.1.1-P1-15+squeeze6 or later
Is CVE-2011-4539 being exploited?
Moderate: EPSS is 32.3%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 4.2.2.dfsg.1-5
- from 0, < 4.1.1-P1-15+squeeze5
- from 0, < 4.1.1-P1-15+squeeze6