From secunia security advisory at $URL:
The vulnerability is caused due to an error related to regular expressions, which can be exploited to cause the daemon to crash by sending specially crafted DHCP packets.
Successful exploitation requires that the server is configured to evaluate expressions using regular expressions (e.g. uses the "~~" or "~=" comparison operators).
The vulnerability is reported in versions 4.x prior to versions 4.1-ESV-R4 and 4.2.3-P1.
Update to versions 4.1-ESV-R4 or 4.2.3-P1.
I asked vapier if it is a default for Gentoo configuration; if not, I'll move to B3.
when they say "if that server is configured to evaluate expressions using a regular expression", it isn't clear if they mean "the server has enabled an option in their dhcpd.conf" or if "the server has compiled in support for regular expressions".
for the former, we don't ship any default configs ... the user has to write everything. for the latter, there's no real way to disable regex support in the server. it relies on regex.h being available which is pretty much a given.
at any rate, dhcp-4.2.3_p1 now in the tree.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ppc ppc64 s390 sh sparc x86"
(In reply to comment #2)
> when they say "if that server is configured to evaluate expressions using a
> regular expression", it isn't clear if they mean "the server has enabled an
> option in their dhcpd.conf" or if "the server has compiled in support for
> regular expressions".
From http://www.isc.org/software/dhcp/advisories/cve-2011-4539 --
"This bug cannot be triggered if you are not using regular expressions in your configuration file."
(In reply to comment #4)
> "This bug cannot be triggered if you are not using regular expressions in your
> configuration file."
Thanks, I think that it remains 'A' because there is no default configuration.
Stable for HPPA.
Nope, it's C, because only a custom, user-created config is vulnerable.
(In reply to comment #7)
> Nope, it's C, because only a custom, user-created config is vulnerable.
as per: http://www.gentoo.org/security/en/vulnerability-policy.xml#doc_chap3
Dhcp is in: Common package (supposed present on at least 1/20 Gentoo installs) Default A
So, at least it is B3
According to lead, it is B
Stable for AMD64, sorry for extra mailspam.
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not
properly handle regular expressions in dhcpd.conf, which allows remote
attackers to cause a denial of service (daemon crash) via a crafted request
Thanks everyone. @Security, please vote.
Thanks, folks. GLSA Vote: yes.
Added to pending GLSA.
This issue was resolved and addressed in
GLSA 201301-06 at http://security.gentoo.org/glsa/glsa-201301-06.xml
by GLSA coordinator Stefan Behte (craig).
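Added example (not part of the bug report or of ISC's code): the advisory and the ISC statement quoted above both tie exposure to the use of regular-expression operators in the configuration file, so one way to check a host is to scan dhcpd.conf for "~=" and "~~" outside of comments and quoted strings. The function names and the sample configuration are constructed for illustration, and the scan assumes strings do not span lines.

```python
import re

# Regex comparison operators named in the advisory quoted in the report.
REGEX_OPS = re.compile(r"~=|~~")
STRING = re.compile(r'"(?:\\.|[^"\\])*"')
INCLUDE = re.compile(r'^\s*include\s+"([^"]+)"\s*;', re.IGNORECASE)

def code_part(line):
    """Blank out quoted strings, then drop the '#' comment, so operators
    that only appear inside a string or a comment are not counted."""
    return STRING.sub('""', line).split("#", 1)[0]

def audit_dhcpd_conf(text):
    """Return (hits, includes): hits are (line_no, operator) pairs,
    includes are file names that have to be audited the same way."""
    hits, includes = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        m = INCLUDE.match(raw)
        if m:
            includes.append(m.group(1))
        hits += [(no, op) for op in REGEX_OPS.findall(code_part(raw))]
    return hits, includes

# Constructed sample configuration (not taken from the bug report).
SAMPLE = '''\
# match vendor ids with ~= later
option domain-name "ex~=ample.org";
include "/etc/dhcp/classes.conf";
class "phones" {
  match if option vendor-class-identifier ~= "^Acme-[0-9]+";
}
class "printers" {
  match if (option host-name ~~ "^prn");   # printers by name
}
'''

if __name__ == "__main__":
    found, more = audit_dhcpd_conf(SAMPLE)
    print("regex operators:", found, "| also check:", more)
```

An empty hit list with no unchecked includes matches the ISC statement that the bug cannot be triggered; any hit means the host should be on 4.1-ESV-R4 or 4.2.3-P1.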