VULHUB ™

A vulnerability is present with current implementations of in.dhcpd, which is the Solaris DHCP server. The EDHCP daemon, in.dhcpd, will crash when receiving BOOTP packets which contain a non-null value for the ciaddr field. The ciaddr value is filled in by the client machine if it knows it's own IP address (from previouse requests or from manual configurations) and is able to respond to ARP requests. An attacker is able to exploit this vulnerability by sending a malformed BOOTP request to the DHCP server containing a non-null value for the ciaddr field.

A vulnerability is present with current implementations of in.dhcpd, which is the Solaris DHCP server. The EDHCP daemon, in.dhcpd, will crash when receiving BOOTP packets which contain a non-null value for the ciaddr field. The ciaddr value is filled in by the client machine if it knows it's own IP address (from previouse requests or from manual configurations) and is able to respond to ARP requests. An attacker is able to exploit this vulnerability by sending a malformed BOOTP request to the DHCP server containing a non-null value for the ciaddr field.