This attack is executed by sending a the Solaris DHCP server a malformed BOOTP packet. The EDHCP daemon will crash when receiving BOOTP packets which contain a non-null value for the client IP address. This will result in a denial of service for legitimate users requesting an IP address.
Solaris DHCP server
Denial of service
Currently we are not aware of any vendor-supplied patches for this issue.