From secunia security advisory at $URL: Description: The vulnerability is caused due to an error related to regular expressions, which can be exploited to cause the daemon to crash by sending specially crafted DHCP packets. Successful exploitation requires that the server is configured to evaluate expressions using regular expressions (e.g. uses the "~~" or "~=" comparison operators). The vulnerability is reported in versions 4.x prior to versions 4.1-ESV-R4 and 4.2.3-P1. Solution Update to versions 4.1-ESV-R4 or 4.2.3-P1.
I asked to vapier if is a default for gentoo configuration, if not I'll move to B3
when they say "if that server is configured to evaluate expressions using a regular expression", it isn't clear if they mean "the server has enabled an option in their dhcpd.conf" or if "the server has compiled in support for regular expressions". for the former, we don't ship any default configs ... the user has to write everything. for the latter, there's no real way to disable regex support in the server. it relies on regex.h being available which is pretty much a given. at any rate, dhcp-4.2.3_p1 now in the tree.
Thanks Mike. Arches, please test and mark stable: =net-misc/dhcp-4.2.3_p1 Target keywords : "alpha amd64 arm hppa ppc ppc64 s390 sh sparc x86"
(In reply to comment #2) > when they say "if that server is configured to evaluate expressions using a > regular expression", it isn't clear if they mean "the server has enabled an > option in their dhcpd.conf" or if "the server has compiled in support for > regular expressions". From http://www.isc.org/software/dhcp/advisories/cve-2011-4539 -- "This bug cannot be triggered if you are not using regular expressions in your configuration file."
(In reply to comment #4) > "This bug cannot be triggered if you are not using regular expressions in your > configuration file." Thanks, I think that it remains 'A' because there is no default configuration.
Stable for HPPA.
Nope, it's C, because only a custom, user-created config is vulnerable.
(In reply to comment #7) > Nope, it's C, because only a custom, user-created config is vulnerable. as per: http://www.gentoo.org/security/en/vulnerability-policy.xml#doc_chap3 Dhcp is in: Common package (supposed present on at least 1/20 Gentoo installs) Default A Specific B So, at least it is B3
According to lead is B amd64 ok
Stable for AMD64, sorry for extra mailspam.
CVE-2011-4539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4539): dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
x86 stable
arm stable
ppc/ppc64 done
alpha/s390/sh/sparc stable
Thanks everyone. @Security, please vote.
Thanks, folks. GLSA Vote: yes.
Added to pending GLSA.
This issue was resolved and addressed in GLSA 201301-06 at http://security.gentoo.org/glsa/glsa-201301-06.xml by GLSA coordinator Stefan Behte (craig).