CVE-2009-1892

Name	CVE-2009-1892
Description	dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1833-2
Debian Bugs	539492, 549584

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
isc-dhcp (PTS)	jessie, jessie (lts)	4.3.1-6+deb8u6	fixed
	stretch (security)	4.3.5-3+deb9u2	fixed
	stretch (lts), stretch	4.3.5-3+deb9u3	fixed
	buster (security), buster, buster (lts)	4.4.1-2+deb10u3	fixed
	bullseye	4.4.1-2.3+deb11u2	fixed
	bullseye (security)	4.4.1-2.3+deb11u1	fixed
	bookworm	4.4.3-P1-2	fixed
	sid, trixie	4.4.3-P1-5	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
dhcp3	source	etch	(not affected)
dhcp3	source	lenny	3.1.1-6+lenny3		DSA-1833-2
dhcp3	source	(unstable)	3.1.2p1-2	low		549584
isc-dhcp	source	(unstable)	3.1.2p1-2	low		539492

[etch] - dhcp3 <not-affected> (problematic assert is not present)