A vulnerability in the OpenBSD’s DHCP has been patched. This vulnerability could allow attackers on the local network to successfully launch a denial-of-service attack.
Though unlikely, Core Security, which reported the vulnerability, warns that the possibility of arbitrary code execution stemming from this vulnerability should not be discounted.
One of the results is that clients are no longer automatically assigned a new IP address. Core Security says that the flaw cannot be exploited to inject code. A similar flaw was also recently reported in the DHCP server used by VMware. According to the security advisory, the implementation in VMware is also based on that in OpenBSD. OpenBSD versions 4.0, 4.1, and 4.2 are affected. A patch has been released to remedy the problem.
You can download the patch from the Official OpenBSD site.
