All the vulnerabilites related to ISC - ISC DHCP
cve-2017-3144
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
Failure to properly clean up closed OMAPI connections can exhaust available sockets
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0158 | vendor-advisory, x_refsource_REDHAT | |
https://www.debian.org/security/2018/dsa-4133 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/102726 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040194 | vdb-entry, x_refsource_SECTRACK | |
https://usn.ubuntu.com/3586-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://kb.isc.org/docs/aa-01541 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:0158", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "102726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102726" }, { "name": "1040194", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040194" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01541" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." } ] } ], "datePublic": "2018-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "RHSA-2018:0158", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "102726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102726" }, { "name": "1040194", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040194" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01541" } ], "source": { "discovery": "UNKNOWN" }, "title": "Failure to properly clean up closed OMAPI connections can exhaust available sockets", "workarounds": [ { "lang": "en", "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-01-16T00:00:00.000Z", "ID": "CVE-2017-3144", "STATE": "PUBLIC", "TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISC DHCP", "version": { "version_data": [ { "version_name": "ISC DHCP", "version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." } ] } } ] }, "vendor_name": "ISC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:0158", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0158" }, { "name": "DSA-4133", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "102726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102726" }, { "name": "1040194", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040194" }, { "name": "USN-3586-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "https://kb.isc.org/docs/aa-01541", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01541" } ] }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)." } ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3144", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-09-16T22:46:13.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5732
Vulnerability from cvelistv5
Published
2019-10-09 14:17
Modified
2024-09-16 18:19
Severity ?
EPSS score ?
Summary
A specially constructed response from a malicious server can cause a buffer overflow in dhclient
References
▼ | URL | Tags |
---|---|---|
https://kb.isc.org/docs/aa-01565 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01565" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." } ], "datePublic": "2018-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T14:17:14", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01565" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e= DHCP 4.1-ESV-R15-P1\n \u003e= DHCP 4.3.6-P1\n \u003e= DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-02-28T00:00:00.000Z", "ID": "CVE-2018-5732", "STATE": "PUBLIC", "TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISC DHCP", "version": { "version_data": [ { "version_name": "ISC DHCP", "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur." } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.isc.org/docs/aa-01565", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01565" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e= DHCP 4.1-ESV-R15-P1\n \u003e= DHCP 4.3.6-P1\n \u003e= DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2018-5732", "datePublished": "2019-10-09T14:17:14.251822Z", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-09-16T18:19:36.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2928
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
An option refcount overflow exists in dhcpd
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "4.4.0 through versions before 4.4.3-P1" }, { "status": "affected", "version": "4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue." } ], "datePublic": "2022-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option\u0027s refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2" } ], "source": { "discovery": "EXTERNAL" }, "title": "An option refcount overflow exists in dhcpd", "workarounds": [ { "lang": "en", "value": "Disable lease query on the server for DHCPv4 or restart the server periodically." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2928", "datePublished": "2022-10-07T04:45:11.751554Z", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-09-17T00:21:40.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2929
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
DHCP memory leak
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "1.0 through versions before 4.1-ESV-R16-P2" }, { "status": "affected", "version": "4.2 through versions before 4.4.3.-P1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue." } ], "datePublic": "2022-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2" } ], "source": { "discovery": "EXTERNAL" }, "title": "DHCP memory leak", "workarounds": [ { "lang": "en", "value": "As exploiting this vulnerability requires an attacker to send packets for an extended period of time, restarting servers periodically could be a viable workaround." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2929", "datePublished": "2022-10-07T04:45:12.836741Z", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-09-16T18:28:37.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25217
Vulnerability from cvelistv5
Published
2021-05-26 22:10
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:56:11.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "name": "FEDORA-2021-08cdb4dc34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "name": "FEDORA-2021-8ca8263bde", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "lessThan": "4.1-ESV-R16-P1", "status": "affected", "version": "4.1 ESV", "versionType": "custom" }, { "lessThan": "4.4.2-P1", "status": "affected", "version": "4.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability." } ], "datePublic": "2021-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. Affects both dhcpd (server) and dhcpcd (client).", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2021-25217" }, { "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6" }, { "name": "FEDORA-2021-08cdb4dc34", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/" }, { "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html" }, { "name": "FEDORA-2021-8ca8263bde", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf" }, { "url": "https://security.netapp.com/advisory/ntap-20220325-0011/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n ISC DHCP 4.1-ESV-R16-P1\n ISC DHCP 4.4.2-P1" } ], "source": { "discovery": "USER" }, "title": "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient", "workarounds": [ { "lang": "en", "value": "None known." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2021-25217", "datePublished": "2021-05-26T22:10:11.312869Z", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-09-16T22:08:32.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5733
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 04:13
Severity ?
EPSS score ?
Summary
A malicious client can overflow a reference counter in ISC dhcpd
References
▼ | URL | Tags |
---|---|---|
https://kb.isc.org/docs/aa-01567 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:0469 | vendor-advisory, x_refsource_REDHAT | |
https://www.debian.org/security/2018/dsa-4133 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3586-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2018:0483 | vendor-advisory, x_refsource_REDHAT | |
https://usn.ubuntu.com/3586-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/103188 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040437 | vdb-entry, x_refsource_SECTRACK | |
https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01567" }, { "name": "RHSA-2018:0469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "USN-3586-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3586-2/" }, { "name": "RHSA-2018:0483", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "103188", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103188" }, { "name": "1040437", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040437" }, { "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." } ], "datePublic": "2018-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01567" }, { "name": "RHSA-2018:0469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "name": "DSA-4133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "USN-3586-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3586-2/" }, { "name": "RHSA-2018:0483", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "name": "USN-3586-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "103188", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103188" }, { "name": "1040437", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040437" }, { "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "A malicious client can overflow a reference counter in ISC dhcpd", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-02-28T00:00:00.000Z", "ID": "CVE-2018-5733", "STATE": "PUBLIC", "TITLE": "A malicious client can overflow a reference counter in ISC dhcpd" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISC DHCP", "version": { "version_data": [ { "version_name": "ISC DHCP", "version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients." } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.isc.org/docs/aa-01567", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01567" }, { "name": "RHSA-2018:0469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0469" }, { "name": "DSA-4133", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4133" }, { "name": "USN-3586-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-2/" }, { "name": "RHSA-2018:0483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0483" }, { "name": "USN-3586-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-1/" }, { "name": "103188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103188" }, { "name": "1040437", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040437" }, { "name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1" } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2018-5733", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-09-17T04:13:54.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }