CVE-2010-2156

ISC DHCP 4.0-4.0.2 and 4.1-4.1.1 - Denial of Service via Zero-Length Client ID

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-2156. PoCs published by sid, sid, theLightCosine, including Metasploit module auxiliary/dos/dhcp/isc_dhcpd_clientid.

AI-analyzed exploit summary This exploit sends a malformed DHCP request packet to trigger a denial-of-service (DoS) condition in vulnerable versions of isc-dhcpd. It uses Scapy to craft a packet with an invalid client identifier, causing the server to crash.

Description

ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.

Exploits (2)

exploitdb WORKING POC
by sid · pythondosmultiple
https://www.exploit-db.com/exploits/14185

This exploit sends a malformed DHCP request packet to trigger a denial-of-service (DoS) condition in vulnerable versions of isc-dhcpd. It uses Scapy to craft a packet with an invalid client identifier, causing the server to crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: isc-dhcpd 4.0.x, 4.1.x, 4.2.x
No auth needed
Prerequisites: Network access to the DHCP server · Valid IP address within the target subnet
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by sid, theLightCosine · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb

This Metasploit module exploits CVE-2010-2156 by sending a malformed DHCP request with a zero-length client_id option, causing the ISC DHCP server to crash due to an abnormal exit during hashing.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ISC DHCP Server versions 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1
No auth needed
Prerequisites: A valid IP address within the DHCP server's range
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:114
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40116
Various Sources x_refsource_confirm
http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40775
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14185
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59222
Various Sources x_refsource_confirm
http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024093

Scores

EPSS 0.7641
EPSS Percentile 99.5%

Details

CWE
CWE-189
Status published
Products (5)
isc/dhcp 4.1.0
isc/dhcp 4.1.1 (5 CPE variants)
isc/dhcp 4.0.0
isc/dhcp 4.0.1 (3 CPE variants)
isc/dhcp 4.0.2 (5 CPE variants)
Published Jun 07, 2010
Tracked Since Feb 18, 2026