Multiple vulnerabilities have been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error when handling client identifiers can be exploited to trigger an endless loop and prevent the server from processing further client requests via a specially crafted packet.

This vulnerability is versions 4.1-ESV through 4.1-ESV-R5, 4.1.2, 4.1.2-P1, and 4.2 (including 4.2.x-Px) through 4.2.4.

2) An error when handling client identifiers when running in DHCPv6 mode can be exploited to cause a buffer overflow and crash the server via a specially crafted packet.

This vulnerability is reported in versions 4.2.0 through 4.2.4.

3) Two memory leak errors exist when processing messages and can be exploited to consume all memory and prevent the server from processing further requests by sending multiple requests to the server.

This vulnerability is reported in versions 4.1.x and 4.2.x.

Solution
Update to version 4.1-ESV-R6 or 4.2.4-P1.

Provided and/or discovered by
1, 2) Markus Hietava, Codenomicon CROSS via CERT-FI
3) The vendor credits Glen Eustace, Massey University

Changelog
Further details available to Secunia VIM customers

Original Advisory
ISC:
https://www.isc.org/software/dhcp/advisories/cve-2012-3571
https://www.isc.org/software/dhcp/advisories/cve-2012-3571
https://www.isc.org/software/dhcp/advisories/cve-2012-3954

CERT-FI:
http://www.cert.fi/en/reports/2012/vulnerability636698.html

Deep Links
Links available to Secunia VIM customers