ISC DHCP DHCPv6 Vulnerability

Published: 2011-01-27
Last Updated: 2011-01-27 23:43:43 UTC
by Guy Bruneau (Version: 1)
2 comment(s)

The Internet Systems Consortium, the makers of the open source DHCP server, indicated the DHCPv6 service may crash after processing a DHCPv6 decline message. This vulnerability has been assigned CVE 2011-0413 and affect version 4.0.x-4.2.x and maybe remotely exploitable.

Note: This DoS only affects DHCPv6 servers and there is currently no workaround.




Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: DHCPv6 DoS
2 comment(s)


Another reason to get DNS server information added to IPv6 router advertisements, and make DHCP obsolete in IPv6.
Jan 28 2011 - "... Solution: The vendor has issued a fix (4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1).
The vendor's advisory is available at:
Vendor URL:
"... Solution: Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1..."

Diary Archives