All the vulnerabilites related to isc - dhcp
Vulnerability from fkie_nvd
Published
2013-03-28 16:55
Modified
2024-11-21 01:51
Severity ?
Summary
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.isc.org/article/AA-00880/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/article/AA-00880/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3EE047-6A23-4BFF-9576-9E4CA63BA153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1707B3D-29F7-46C6-8A0A-D776E062FD4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "493B7D92-18A4-4221-AEDD-917404C47E6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "E85A27A0-A83B-4BBF-A3B8-5219F2053902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0383976E-DF90-4850-A1A3-D1965B50A511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
},
{
"lang": "es",
"value": "libdns en ISC DHCP v4.2.x antes de v4.2.5-P1 permite a los servidores de nombres remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores relacionados con una expresi\u00f3n regular, como lo demuestra un ataque memoria de agotamiento contra un equipo que ejecuta un proceso de dhcpd, un tema relacionado con CVE-2013-2266."
}
],
"id": "CVE-2013-2494",
"lastModified": "2024-11-21T01:51:52.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-28T16:55:01.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00880/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00880/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 04:09
Severity ?
Summary
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B88B6F8-3F13-4984-BBCF-F79BE911F15D",
"versionEndIncluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAC6E78-8F98-42C3-BE19-276826F84752",
"versionEndIncluding": "4.3.6",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
"matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
"matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
"matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*",
"matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*",
"matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*",
"matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*",
"matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*",
"matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*",
"matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*",
"matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*",
"matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13C8AD22-6E39-4899-88B2-7ED44BE890A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0."
},
{
"lang": "es",
"value": "Un cliente malicioso al que se le permite enviar grandes cantidades de tr\u00e1fico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhcpd. Afecta a ISC DHCP desde la versi\u00f3n 4.1.0 hasta la 4.1-ESV-R15, desde la versi\u00f3n 4.2.0 hasta la 4.2.8, desde la versi\u00f3n 4.3.0 hasta la 4.3.6 y a la versi\u00f3n 4.4.0."
}
],
"id": "CVE-2018-5733",
"lastModified": "2024-11-21T04:09:16.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T20:29:00.753",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103188"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040437"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0469"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0483"
},
{
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/aa-01567"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-2/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/aa-01567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-17 16:30
Modified
2024-11-21 01:03
Severity ?
Summary
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*",
"matchCriteriaId": "327FEE54-79EC-4B5E-B838-F3C61FCDF48E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*",
"matchCriteriaId": "056C1C15-D110-4309-A9A6-41BD753FE4F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*",
"matchCriteriaId": "08392974-5AC1-4B12-893F-3F733EF05F80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
"matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
"matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
"matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
"matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
"matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
"matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command."
},
{
"lang": "es",
"value": "La funci\u00f3n configtest en la secuencia de comandos de inicio del DHCPD en Red Hat para DHCP 3.0.1 en Red Hat Enterprise Linux (RHEL) 3 permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero temporal no especificado, relativo al comando \"dhcpd -t\"."
}
],
"id": "CVE-2009-1893",
"lastModified": "2024-11-21T01:03:38.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-17T16:30:00.890",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35831"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1022554"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/35670"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-15 03:55
Modified
2024-11-21 01:33
Severity ?
Summary
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | * | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.5 | |
| isc | dhcp | 3.0.5 | |
| isc | dhcp | 3.0.6 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:p1:*:*:*:*:*:*",
"matchCriteriaId": "8387F752-D920-4891-9DCB-4CCDE8461DE5",
"versionEndIncluding": "4.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel1:*:*:*:*:*",
"matchCriteriaId": "CED58016-46F0-4665-985B-DA74FB146F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel10:*:*:*:*:*",
"matchCriteriaId": "60CF9BD0-B2CD-4D37-85AB-BEC48B574EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel11:*:*:*:*:*",
"matchCriteriaId": "F7976068-FF49-4A34-B435-4224E34AEC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel12:*:*:*:*:*",
"matchCriteriaId": "1509896E-865A-428F-A668-D94538EA172C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel13:*:*:*:*:*",
"matchCriteriaId": "1F9DEF18-F2E7-42BB-A99F-56CB98AD292C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel14:*:*:*:*:*",
"matchCriteriaId": "500BAE2D-BDE3-4960-8CA2-AC37D598F698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel15:*:*:*:*:*",
"matchCriteriaId": "18D4C846-C7B9-4371-B48E-0C69882EA702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel16:*:*:*:*:*",
"matchCriteriaId": "12482D44-06C6-45EB-83B0-559AF22A7E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel18:*:*:*:*:*",
"matchCriteriaId": "48863BF7-1A7F-4318-BF67-302A34EB4970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel19:*:*:*:*:*",
"matchCriteriaId": "1EAE0593-DA68-4D38-A5D4-0A3F3CB7D47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel2:*:*:*:*:*",
"matchCriteriaId": "46CD08A2-BBB4-4477-AB70-22E938873BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel20:*:*:*:*:*",
"matchCriteriaId": "EF45264F-4E92-47C7-9979-2FDB069A1582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel21:*:*:*:*:*",
"matchCriteriaId": "69FB5D2E-52D4-4010-8CC5-EBC7A89D537A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel22:*:*:*:*:*",
"matchCriteriaId": "ECD650FF-A75F-4E19-A4E1-5EFC937292C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel23:*:*:*:*:*",
"matchCriteriaId": "1A5F1555-CE8D-481B-8F0F-EB6EC36C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel24:*:*:*:*:*",
"matchCriteriaId": "FD9DDBA0-77D0-482D-93EE-4F65215BA1B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel3:*:*:*:*:*",
"matchCriteriaId": "1E02470D-1508-4F50-920D-6201F6DF8C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel4:*:*:*:*:*",
"matchCriteriaId": "B139A35A-D199-4891-90A9-EA8632EDF01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel5:*:*:*:*:*",
"matchCriteriaId": "511146C2-A7F4-4E43-854B-0ABF7B64449F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel6:*:*:*:*:*",
"matchCriteriaId": "4B685143-F267-40A9-8D7F-CF106F4706D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel7:*:*:*:*:*",
"matchCriteriaId": "605E3131-2AD4-486D-AB0E-9625A00FE13B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel8:*:*:*:*:*",
"matchCriteriaId": "05B1BA61-DF1A-4817-8320-9BB7BA890356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:beta2:patchlevel9:*:*:*:*:*",
"matchCriteriaId": "EE3BC91D-A46B-460E-9736-1EE8B0489B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB378EB8-45C6-4143-BC15-02C5417E99C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc1:patchlevel1:*:*:*:*:*",
"matchCriteriaId": "DD3851CF-93A4-4478-80DE-EB4FA2AD1C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc10:*:*:*:*:*:*",
"matchCriteriaId": "BBA95784-E478-4476-833E-89F7E1291413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc11:*:*:*:*:*:*",
"matchCriteriaId": "8C32A7F5-AC86-4587-9324-409242EFF21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc12:*:*:*:*:*:*",
"matchCriteriaId": "06EC71C2-F95C-4633-940F-D21EF03285C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "942778E1-3FF6-4CA9-A309-0C4908FAD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc2:patchlevel1:*:*:*:*:*",
"matchCriteriaId": "BAA8D5D1-A01C-4209-A399-FE33FEBAC357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0E01CC47-B3B4-4806-9ED3-128A7129D9EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5FF38786-9928-4582-AA9D-2BC7B93C1A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5AD60A88-B50B-49C2-B5FD-B3AA548E279F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BA940163-BF8D-4120-AFC4-100AFB493247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "4A19685C-C842-4B58-A2F1-3D777BF30486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "37B6EDC1-EA03-4B5A-82D7-3099F3E243A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc8:patchlevel1:*:*:*:*:*",
"matchCriteriaId": "A17E1A4A-5EFE-4595-9E3D-1668FD16573C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:rc9:*:*:*:*:*:*",
"matchCriteriaId": "7F6A8E0B-C61F-483C-8FF1-390FD58F80D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47856E-E679-4F5D-9280-78E0E59AFD0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
"matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
"matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
"matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
"matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
"matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "06E8A13B-EC20-43C3-8141-816BADC705BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2BE83F2A-FBE2-4CED-B60E-F1FF5AC446B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
"matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91A77DE4-E547-46AB-86C6-360D387953F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88D957D5-8896-49FF-821E-8B5096B1F986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
"matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
"matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1269D9FF-C497-4FA5-90DA-302A9FC1EB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
"matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
"matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "929CEDEC-6D65-4E1C-97DA-B6BFF3BFEFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C921FD4C-E274-40C9-AFC8-CB0861889E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
"matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "50BE7B3C-59D7-4FA7-A1A2-40B12EBA3832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "3F4BA541-795B-4EC2-AF47-82F331F79A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:a3:*:*:*:*:*:*",
"matchCriteriaId": "B89FC09F-EC04-4B40-A797-10A26D15F6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "4E510E61-0842-45EC-92E2-BE4BD584887A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "E76F0561-864D-4091-8E4F-6C2DA1B77E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "BB54A820-124E-4106-A55D-19947F32852E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3EE047-6A23-4BFF-9576-9E4CA63BA153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1707B3D-29F7-46C6-8A0A-D776E062FD4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "493B7D92-18A4-4221-AEDD-917404C47E6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update."
},
{
"lang": "es",
"value": "La funcionalidad de registro en el dhcpd de ISC DHCP anterior a v4.2.3-P2, cuando se utiliza DNS din\u00e1mico (DDNS) y direcciones IPv6, no maneja correctamente la estructura de arrendamiento (lease structure) DHCPv6, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (puntero a NULL y el ca\u00edda del servicio) mediante paquetes especialmente elaborados en relaci\u00f3n con una actualizaci\u00f3n lease-status."
}
],
"id": "CVE-2011-4868",
"lastModified": "2024-11-21T01:33:09.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-15T03:55:12.953",
"references": [
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"url": "https://deepthought.isc.org/article/AA-00595"
},
{
"source": "cve@mitre.org",
"url": "https://kb.isc.org/article/AA-00705"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://deepthought.isc.org/article/AA-00595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kb.isc.org/article/AA-00705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-15 21:55
Modified
2024-11-21 01:28
Severity ?
Summary
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.5 | |
| isc | dhcp | 3.0.5 | |
| isc | dhcp | 3.0.6 | |
| isc | dhcp | 3.1 | |
| isc | dhcp | 3.1-esv | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.1 | |
| isc | dhcp | 3.1.1 | |
| isc | dhcp | 3.1.1 | |
| isc | dhcp | 3.1.2 | |
| isc | dhcp | 3.1.2 | |
| isc | dhcp | 3.1.2 | |
| isc | dhcp | 3.1.3 | |
| isc | dhcp | 3.1.3 | |
| isc | dhcp | 3.1.3 | |
| isc | dhcp | 4.0 | |
| isc | dhcp | 4.0-esv | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| debian | debian_linux | 5.0 | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 | |
| canonical | ubuntu_linux | 11.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
"matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
"matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
"matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
"matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
"matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
"matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
"matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
"matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
"matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
"matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
"matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9B9007-1F13-4991-B44C-47D8EB56FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
"matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
"matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "432C01D0-A1F1-4D16-B9B4-D8AAA9D13226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
"matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*",
"matchCriteriaId": "427C13A1-C73C-4352-902C-2DA3B6C51BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*",
"matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*",
"matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet."
},
{
"lang": "es",
"value": "El servidor en ISC DHCP v3.x y v4.x anterior a v4.2.2, v3.1-ESV anterior a v3.1-ESV-R3, y v4.1-ESV anterior a v4.1-ESV-R3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (salida de demonio) a trav\u00e9s de un paquete BOOTP manipulado."
}
],
"id": "CVE-2011-2749",
"lastModified": "2024-11-21T01:28:53.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-15T21:55:02.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45582"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45595"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45629"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45639"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45817"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45918"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/46780"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/46780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hermes.opensuse.org/messages/11695711"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 05:15
Modified
2024-11-21 07:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | * | |
| isc | dhcp | * | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B372FC-4ADF-480F-82EA-677BA9CE80F9",
"versionEndExcluding": "4.1-esv",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3828370A-E2C3-40C6-A4D4-A0E4FE932AD0",
"versionEndIncluding": "4.4.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
"matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
"matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
"matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
"matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
"matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
"matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
"matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
"matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*",
"matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*",
"matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*",
"matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*",
"matchCriteriaId": "FEA9F857-B59F-4D2D-8F7B-0D1BF08E9712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory."
},
{
"lang": "es",
"value": "En ISC DHCP versiones 1.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, un sistema con acceso a un servidor DHCP, enviando paquetes DHCP dise\u00f1ados para incluir etiquetas fqdn de m\u00e1s de 63 bytes, podr\u00eda llegar a causar a el servidor quedarse sin memoria"
}
],
"id": "CVE-2022-2929",
"lastModified": "2024-11-21T07:01:56.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-10-07T05:15:11.320",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-2929"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"source": "security-officer@isc.org",
"url": "https://security.gentoo.org/glsa/202305-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-2929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-08 11:55
Modified
2024-11-21 01:32
Severity ?
Summary
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 4.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| canonical | ubuntu_linux | 11.04 | |
| canonical | ubuntu_linux | 11.10 | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*",
"matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*",
"matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet."
},
{
"lang": "es",
"value": "dhcpd en ISC DHCP v4.x antes de v4.2.3-P1 y v4.1-ESV antes de v4.1-ESV-R4 no manipula correctamente expresiones regulares en dhcpd.conf, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del deminio) a trav\u00e9s de un paquete de petici\u00f3n modificado."
}
],
"id": "CVE-2011-4539",
"lastModified": "2024-11-21T01:32:30.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-08T11:55:02.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/47153"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/47178"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/50971"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026393"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1309-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/47153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/47178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/50971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1309-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-14 20:30
Modified
2024-11-21 01:00
Severity ?
Summary
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3F60D5-1AC2-4FBD-9CA5-775F082D339D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9B9007-1F13-4991-B44C-47D8EB56FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo script_write_params en client/dhclient.c en ISC DHCP dhclient v4.1 anteriores a v4.1.0p1, v4.0 anteriores a v4.0.1p1, v3.1 anteriores a v3.1.2p1, v3.0, y v2.0 permite a servidores DHCP remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una opci\u00f3n manipulada subnet-mask."
}
],
"id": "CVE-2009-0692",
"lastModified": "2024-11-21T01:00:42.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-14T20:30:00.217",
"references": [
{
"source": "cret@cert.org",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc"
},
{
"source": "cret@cert.org",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"source": "cret@cert.org",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35785"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35829"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35830"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35831"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35832"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35841"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35849"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35850"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35851"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35880"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/36457"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/37342"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/40551"
},
{
"source": "cret@cert.org",
"url": "http://security.gentoo.org/glsa/glsa-200907-12.xml"
},
{
"source": "cret@cert.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/410676"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/55819"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/35668"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1022548"
},
{
"source": "cret@cert.org",
"url": "http://www.ubuntu.com/usn/usn-803-1"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2009/1891"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"source": "cret@cert.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717"
},
{
"source": "cret@cert.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758"
},
{
"source": "cret@cert.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941"
},
{
"source": "cret@cert.org",
"url": "https://www.isc.org/downloadables/12"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.isc.org/node/468"
},
{
"source": "cret@cert.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
},
{
"source": "cret@cert.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200907-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/410676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/55819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-803-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.isc.org/downloadables/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.isc.org/node/468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vendorComments": [
{
"comment": "This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network:\n\nhttps://rhn.redhat.com/errata/CVE-2009-0692.html\n\nThis issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination.",
"lastModified": "2009-07-16T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-31 21:00
Modified
2024-11-21 01:23
Severity ?
Summary
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 4.0 | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.0-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*",
"matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*",
"matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*",
"matchCriteriaId": "427C13A1-C73C-4352-902C-2DA3B6C51BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address."
},
{
"lang": "es",
"value": "El servidor DHCPv6 en ISC DHCP v4.0.x y v4.1.x anterior a v.4.1.2-P1, v.4.0-ESV y v.4.1-ESV anterior a v.4.1-ESV-R1, y v.4.2.x anterior a v.4.2.1b1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio enviando mensajes sobre IPv6 para un declinado y abandono de la direcci\u00f3n."
}
],
"id": "CVE-2011-0413",
"lastModified": "2024-11-21T01:23:55.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-31T21:00:18.110",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43006"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43104"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43167"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43354"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43613"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024999"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2184"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/686084"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022"
},
{
"source": "cret@cert.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/70680"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/46035"
},
{
"source": "cret@cert.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0235"
},
{
"source": "cret@cert.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0266"
},
{
"source": "cret@cert.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0300"
},
{
"source": "cret@cert.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0400"
},
{
"source": "cret@cert.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0583"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/686084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/70680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/46035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00456"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2024-11-21 01:41
Severity ?
Summary
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 | |
| canonical | ubuntu_linux | 11.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
"matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
"matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
"matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
},
{
"lang": "es",
"value": "M\u00faltiples fugas de memoria en ISC DHCP 4.1.x y 4.2.x anterior a 4.2.4-P1 y 4.1-ESV anterior a 4.1-ESV-R6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante el env\u00edo de multitud de peticiones."
}
],
"id": "CVE-2012-3954",
"lastModified": "2024-11-21T01:41:51.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-25T10:42:35.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/54665"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027300"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/54665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00737"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-09 15:59
Modified
2024-11-21 02:48
Severity ?
Summary
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.2.5 | |
| isc | dhcp | 4.2.5 | |
| isc | dhcp | 4.2.5 | |
| isc | dhcp | 4.2.5 | |
| isc | dhcp | 4.2.6 | |
| isc | dhcp | 4.2.6 | |
| isc | dhcp | 4.2.6 | |
| isc | dhcp | 4.2.7 | |
| isc | dhcp | 4.2.7 | |
| isc | dhcp | 4.2.7 | |
| isc | dhcp | 4.2.8 | |
| isc | dhcp | 4.2.8 | |
| isc | dhcp | 4.2.8 | |
| isc | dhcp | 4.2.8 | |
| isc | dhcp | 4.3.0 | |
| isc | dhcp | 4.3.0 | |
| isc | dhcp | 4.3.0 | |
| isc | dhcp | 4.3.0 | |
| isc | dhcp | 4.3.1 | |
| isc | dhcp | 4.3.1 | |
| isc | dhcp | 4.3.1 | |
| isc | dhcp | 4.3.2 | |
| isc | dhcp | 4.3.2 | |
| isc | dhcp | 4.3.2 | |
| isc | dhcp | 4.3.2 | |
| isc | dhcp | 4.3.3 | |
| isc | dhcp | 4.3.3 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
"matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
"matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
"matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*",
"matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*",
"matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*",
"matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*",
"matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*",
"matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*",
"matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*",
"matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*",
"matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "F92474BB-7CC0-47EE-A608-190F70AAFE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "6CE0BBF8-7FB8-44DD-8C6B-30A657BA9EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "B3AF9E2C-E0BC-427C-9F13-BCB15916F5B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "4A290541-BF9E-4E18-A941-0ACC40509A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "F13E1B0F-5731-4949-9D35-497D1D49882C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "E85A27A0-A83B-4BBF-A3B8-5219F2053902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "50D601E4-C5EF-4A6E-9EF8-FB9E24D5C6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ADDDFFB6-046E-407E-9B2E-D4BC18D416CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "042495FE-3E6A-4602-8E5A-8F4BBD9E3245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "331D2BBF-858F-49E8-AD2A-01668848F5D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:b1:*:*:*:*:*:*",
"matchCriteriaId": "5EDCDDC5-6A8F-490B-BFB9-094259A7AF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "5368A7D2-4709-4302-8EB9-D1A16449E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A368842A-E2A8-4689-A6CA-2349AAF55EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3DC8FB80-A6CA-46C7-B5CE-FD6B0BD4CF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.6:b1:*:*:*:*:*:*",
"matchCriteriaId": "9C602DE3-F326-4810-81D9-21CED82D400A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA0D6DF6-039F-44FA-9B6B-6ED0A0D898A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.7:-:*:*:*:*:*:*",
"matchCriteriaId": "01318107-989F-4800-9E30-F89424836D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.7:b1:*:*:*:*:*:*",
"matchCriteriaId": "DCB3FA8B-597A-4E27-8CC6-D1B164C6A99F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2A331218-0BD5-4084-B1B7-A002A7FCDADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "CD8082FC-3004-4A18-AA49-67FB49E33E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:b1:*:*:*:*:*:*",
"matchCriteriaId": "7F7B441D-4E20-41B7-8B21-39FCC5E80976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "422B12D1-8395-47F1-8A4F-AA964C1AA9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1CC2583E-F9E7-4FB1-B59C-070458E4C228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "368D2368-FC25-419A-B309-400D790DF54F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "90FE2884-4468-4D56-9929-C799FA7BF119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B02C7E44-2F8B-40D7-B57A-5B78A6BD891F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80DC9586-9846-4E61-82F4-F0FF1A61F89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "745B6602-696B-4ED8-9D62-D236DA5159AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "43235DDF-B8E1-48F5-906F-F1100F29DEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C279D9B3-A774-4D4F-A52B-22CE633ACDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "EC991ABB-E23E-46E4-9D8A-3E351ADE282A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "0241F629-A09E-4CC7-B6A5-48E041C2C390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "570BB5C3-CA10-4440-917E-4E88BDDD5656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "50C6B9BB-136F-4F79-A329-DE8F361EF00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7AED2A3E-E969-4AC0-8928-9E53A07078BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "632B45FA-D76A-4EB6-A208-225B560845FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
},
{
"lang": "es",
"value": "ISC DHCP 4.1.x en versiones anteriores a 4.1-ESV-R13 y 4.2.x y 4.3.x en versiones anteriores a 4.3.4 no restringe el n\u00famero de sesiones TCP concurrentes, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n INSIST o interrupci\u00f3n de procesamiento de petici\u00f3n) estableciendo muchas sesiones."
}
],
"id": "CVE-2016-2774",
"lastModified": "2024-11-21T02:48:46.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-09T15:59:00.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84208"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035196"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01354"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-08-15 21:55
Modified
2024-11-21 01:28
Severity ?
Summary
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 3.0 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.1 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.2 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.3 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.4 | |
| isc | dhcp | 3.0.5 | |
| isc | dhcp | 3.0.5 | |
| isc | dhcp | 3.0.6 | |
| isc | dhcp | 3.1 | |
| isc | dhcp | 3.1-esv | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.0 | |
| isc | dhcp | 3.1.1 | |
| isc | dhcp | 3.1.1 | |
| isc | dhcp | 3.1.1 | |
| isc | dhcp | 3.1.2 | |
| isc | dhcp | 3.1.2 | |
| isc | dhcp | 3.1.2 | |
| isc | dhcp | 3.1.3 | |
| isc | dhcp | 3.1.3 | |
| isc | dhcp | 3.1.3 | |
| isc | dhcp | 4.0 | |
| isc | dhcp | 4.0-esv | |
| isc | dhcp | 4.0.0 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.1 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.2 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.0.3 | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 | |
| canonical | ubuntu_linux | 11.04 | |
| debian | debian_linux | 5.0 | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
"matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
"matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
"matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
"matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
"matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
"matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
"matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
"matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
"matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
"matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
"matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9B9007-1F13-4991-B44C-47D8EB56FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
"matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
"matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "432C01D0-A1F1-4D16-B9B4-D8AAA9D13226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
"matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*",
"matchCriteriaId": "427C13A1-C73C-4352-902C-2DA3B6C51BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*",
"matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*",
"matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet."
},
{
"lang": "es",
"value": "El servidor en ISC DHCP v3.x y v4.x anterior a v4.2.2, v3.1-ESV anterior a v3.1-ESV-R3, y v4.1-ESV anterior a v4.1-ESV-R3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (salida de demonio) a trav\u00e9s de un paquete DHCP manipulado."
}
],
"id": "CVE-2011-2748",
"lastModified": "2024-11-21T01:28:53.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-15T21:55:02.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://redmine.pfsense.org/issues/1888"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45582"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45595"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45629"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45639"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45817"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45918"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/46780"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://redmine.pfsense.org/issues/1888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/45918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/46780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hermes.opensuse.org/messages/11695711"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Severity ?
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B88B6F8-3F13-4984-BBCF-F79BE911F15D",
"versionEndIncluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAC6E78-8F98-42C3-BE19-276826F84752",
"versionEndIncluding": "4.3.6",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
"matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
"matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
"matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*",
"matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*",
"matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*",
"matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*",
"matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*",
"matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*",
"matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*",
"matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*",
"matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
},
{
"lang": "es",
"value": "Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. Afecta a ISC DHCP desde la versi\u00f3n 4.1.0 hasta la 4.1-ESV-R15, desde la versi\u00f3n 4.2.0 hasta la 4.2.8 y desde la versi\u00f3n 4.3.0 hasta la 4.3.6. Las versiones anteriores podr\u00edan hacerse visto afectadas, pero han sobrepasado por mucho su fin de vida \u00fatil. Las versiones anteriores a la 4.1.0 no han sido probadas."
}
],
"id": "CVE-2017-3144",
"lastModified": "2024-11-21T03:24:55.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-officer@isc.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T20:29:00.627",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102726"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040194"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0158"
},
{
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/aa-01541"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/aa-01541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 05:15
Modified
2024-11-21 07:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | * | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82DF9AAC-429A-43EB-83EF-0FEFBB95BF26",
"versionEndIncluding": "4.4.3",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
"matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
"matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
"matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
"matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
"matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
"matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
"matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
"matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*",
"matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*",
"matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*",
"matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16-p1:*:*:*:*:*:*",
"matchCriteriaId": "FEA9F857-B59F-4D2D-8F7B-0D1BF08E9712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort."
},
{
"lang": "es",
"value": "En ISC DHCP versiones 4.4.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, cuando la funci\u00f3n option_code_hash_lookup() es llamada desde add_option(), incrementa el campo refcount de la opci\u00f3n. Sin embargo, no se presenta una llamada correspondiente a option_dereference() para disminuir el campo refcount. La funci\u00f3n add_option() s\u00f3lo es usada en las respuestas del servidor a paquetes de consulta de arrendamiento. Cada respuesta de consulta de arrendamiento llama a esta funci\u00f3n para varias opciones, por lo que eventualmente, los contadores de referencia podr\u00edan desbordarse y causar a el servidor abortar"
}
],
"id": "CVE-2022-2928",
"lastModified": "2024-11-21T07:01:56.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-10-07T05:15:08.677",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-2928"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"source": "security-officer@isc.org",
"url": "https://security.gentoo.org/glsa/202305-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-2928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-14 22:59
Modified
2024-11-21 02:38
Severity ?
Summary
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:unified_threat_management_up2date:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2A62A0-5181-4919-A689-27634634FE67",
"versionEndIncluding": "9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sophos:unified_threat_management_up2date:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E22C98-BA1F-4B29-AD13-3C932759E0AC",
"versionEndIncluding": "9.353",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CBC3A7C-1025-4DF6-8250-44C38CB52444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "81CE9ABB-6FAD-4830-BA4B-ABBF39051CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
"matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
"matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
"matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*",
"matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*",
"matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*",
"matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*",
"matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*",
"matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*",
"matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*",
"matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*",
"matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "F92474BB-7CC0-47EE-A608-190F70AAFE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "6CE0BBF8-7FB8-44DD-8C6B-30A657BA9EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "B3AF9E2C-E0BC-427C-9F13-BCB15916F5B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "4A290541-BF9E-4E18-A941-0ACC40509A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "F13E1B0F-5731-4949-9D35-497D1D49882C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "E85A27A0-A83B-4BBF-A3B8-5219F2053902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "50D601E4-C5EF-4A6E-9EF8-FB9E24D5C6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ADDDFFB6-046E-407E-9B2E-D4BC18D416CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "042495FE-3E6A-4602-8E5A-8F4BBD9E3245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "331D2BBF-858F-49E8-AD2A-01668848F5D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:b1:*:*:*:*:*:*",
"matchCriteriaId": "5EDCDDC5-6A8F-490B-BFB9-094259A7AF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "5368A7D2-4709-4302-8EB9-D1A16449E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A368842A-E2A8-4689-A6CA-2349AAF55EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3DC8FB80-A6CA-46C7-B5CE-FD6B0BD4CF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.6:b1:*:*:*:*:*:*",
"matchCriteriaId": "9C602DE3-F326-4810-81D9-21CED82D400A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA0D6DF6-039F-44FA-9B6B-6ED0A0D898A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBB8D6D-6523-47BF-8BA2-3AA58A93091D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.7:b1:*:*:*:*:*:*",
"matchCriteriaId": "DCB3FA8B-597A-4E27-8CC6-D1B164C6A99F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2A331218-0BD5-4084-B1B7-A002A7FCDADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B9253A7A-2980-4910-99D0-CFA8A5AF1C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:b1:*:*:*:*:*:*",
"matchCriteriaId": "7F7B441D-4E20-41B7-8B21-39FCC5E80976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "422B12D1-8395-47F1-8A4F-AA964C1AA9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1CC2583E-F9E7-4FB1-B59C-070458E4C228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB3F688-0DCC-4E19-87C8-1511BBA27A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "90FE2884-4468-4D56-9929-C799FA7BF119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "B02C7E44-2F8B-40D7-B57A-5B78A6BD891F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80DC9586-9846-4E61-82F4-F0FF1A61F89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735B3054-DAE3-4F4D-8804-0615A009E05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "43235DDF-B8E1-48F5-906F-F1100F29DEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C279D9B3-A774-4D4F-A52B-22CE633ACDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F58E090-C22E-4907-9AA3-D9D36CF4CD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "0241F629-A09E-4CC7-B6A5-48E041C2C390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "570BB5C3-CA10-4440-917E-4E88BDDD5656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "50C6B9BB-136F-4F79-A329-DE8F361EF00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9784E8F1-6CC4-4A36-8010-A09A52811DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.3.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "632B45FA-D76A-4EB6-A208-225B560845FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet."
},
{
"lang": "es",
"value": "ISC DHCP 4.x en versiones anteriores a 4.1-ESV-R12-P1, 4.2.x y 4.3.x en versiones anteriores a 4.3.3-P1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una longitud de campo no v\u00e1lida en un paquete UDP IPv4."
}
],
"id": "CVE-2015-8605",
"lastModified": "2024-11-21T02:38:48.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-14T22:59:00.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3442"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/80703"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034657"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2868-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/80703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2868-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-01334"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-14 10:33
Modified
2024-11-21 01:41
Severity ?
Summary
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.0 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.1 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.1.2 | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
"matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
"matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
"matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*",
"matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "78214BCE-9739-40B9-A32E-89C16F7195DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "40C764F4-8FAD-477E-92E5-79D234673478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "36045DDB-48C6-48CA-AAAF-A3487EF7A537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "ECA81B95-97B7-4A56-A448-6E5DB6FA5F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A91F4FD9-1797-4B9C-AFB8-EC6445119DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "09F19067-DD99-4B26-8125-0801459ED6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "9B63D409-60F5-4AB9-A576-8672D42E071E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9A1C3F3E-CFB2-40F2-89F4-735AAE042F65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced."
},
{
"lang": "es",
"value": "ISC DHCP v4.1-4.1.x antes de v4.1-ESV-R7 y v4.2.x antes de v4.2.4-P2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) en determinadas circunstancias mediante el establecimiento de un \u0027lease\u0027 IPv6 en un entorno donde la expiraci\u00f3n del leasing es posteriormente reducida.\r\n"
}
],
"id": "CVE-2012-3955",
"lastModified": "2024-11-21T01:41:52.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-14T10:33:21.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51318"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2551"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55530"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027528"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1571-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1571-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00779"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2024-11-21 01:41
Severity ?
Summary
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.0 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.1 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.2 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.3 | |
| isc | dhcp | 4.2.4 | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| canonical | ubuntu_linux | 11.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
"matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*",
"matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*",
"matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*",
"matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier."
},
{
"lang": "es",
"value": "ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y excesivo consumo de CPU) a trav\u00e9s de un identificador de cliente con formato incorrecto.\r\n"
}
],
"id": "CVE-2012-3571",
"lastModified": "2024-11-21T01:41:09.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-25T10:42:35.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/54665"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/54665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00712"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-04 18:00
Modified
2024-11-21 01:19
Severity ?
Summary
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CBC3A7C-1025-4DF6-8250-44C38CB52444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "234EE34E-44F4-45F0-A19A-D369BA5043C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field."
},
{
"lang": "es",
"value": "ISC DHCP server v4.0 anterior a v4.0.2, v4.1 anterior a v4.1.2, y v4.2 anterior a v4.2-P1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete DHCPv6 contiendo un mensaje Relay-Forward sin una direcci\u00f3n en el campo de direcci\u00f3n de enlace Relay-Forward"
}
],
"id": "CVE-2010-3611",
"lastModified": "2024-11-21T01:19:13.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-11-04T18:00:02.627",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "cret@cert.org",
"url": "http://osvdb.org/68999"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42082"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/42345"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/42407"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/102047"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/44615"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2879"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/3044"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/3092"
},
{
"source": "cret@cert.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/68999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/102047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:09
Severity ?
Summary
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-officer@isc.org | https://kb.isc.org/docs/aa-01565 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/aa-01565 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | dhcp | * | |
| isc | dhcp | * | |
| isc | dhcp | * | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1-esv | |
| isc | dhcp | 4.1.2 | |
| isc | dhcp | 4.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A611E97-A264-4B4C-93CE-7FC01FE5F708",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257C8915-697E-4274-8BCB-43B690FA5C96",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "341617C4-C370-44AD-9138-14EBB3A758F1",
"versionEndExcluding": "4.3.6",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
"matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
"matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
"matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
"matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
"matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
"matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
"matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
"matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
"matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
"matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3b1:*:*:*:*:*:*",
"matchCriteriaId": "C19C3B91-215D-4697-84D9-13CC18445C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*",
"matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*",
"matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5b1:*:*:*:*:*:*",
"matchCriteriaId": "4EF0CF57-C49C-4801-B4E1-7D82C3F6E3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5rc1:*:*:*:*:*:*",
"matchCriteriaId": "8290ECB4-3B70-4126-BF10-68A5A863E297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5rc2:*:*:*:*:*:*",
"matchCriteriaId": "6D35C997-593E-4994-9501-2010D98459D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*",
"matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*",
"matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*",
"matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8b1:*:*:*:*:*:*",
"matchCriteriaId": "9421E40A-FF8D-426B-99A0-24DCD8D9B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8rc1:*:*:*:*:*:*",
"matchCriteriaId": "81BB427C-AE69-4BFB-B956-F62373FA1EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*",
"matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9b1:*:*:*:*:*:*",
"matchCriteriaId": "7A08F801-2A32-492F-BAB4-8E32E9981CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2FDBA4F-CDE8-4767-8C41-328FF9ACB2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "CA5D825C-B72A-44F5-AF24-4F3200881ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13C8AD22-6E39-4899-88B2-7ED44BE890A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
},
{
"lang": "es",
"value": "Un fallo al comprobar apropiadamente los l\u00edmites de un b\u00fafer usado para procesar las opciones de DHCP, permite a un servidor malicioso (o a una entidad que se hace pasar por un servidor) causar un desbordamiento del b\u00fafer (y el bloqueo resultante) en dhclient mediante el env\u00edo de una respuesta que contiene una secci\u00f3n de opciones especialmente construida. Afecta a ISC DHCP versiones 4.1.0 hasta 4.1-ESV-R15, 4.2.0 hasta 4.2.8, 4.3.0 hasta 4.3.6, y 4.4.0."
}
],
"id": "CVE-2018-5732",
"lastModified": "2024-11-21T04:09:16.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-09T16:15:13.407",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/aa-01565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/aa-01565"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-17 16:30
Modified
2024-11-21 01:03
Severity ?
Summary
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1269D9FF-C497-4FA5-90DA-302A9FC1EB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b1:*:*:*:*:*:*:*",
"matchCriteriaId": "34BCCA79-76A8-494A-94CA-BB8FA11891DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b2:*:*:*:*:*:*:*",
"matchCriteriaId": "5442D329-81D5-4891-A063-FC6A07D7E1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b3:*:*:*:*:*:*:*",
"matchCriteriaId": "14F64C1F-92E7-4190-9472-046F34C28539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22D732C6-F89B-4FCA-A949-3F67B4E7A7F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests."
},
{
"lang": "es",
"value": "dhcpd en ISC DHCP v3.0.4 y v3.1.1, cuando se utilizan de forma simult\u00e1nea el identificador de cliente dhcp y la configuraci\u00f3n de hardware ethernet, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n no especificada."
}
],
"id": "CVE-2009-1892",
"lastModified": "2024-11-21T01:03:38.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-17T16:30:00.843",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35830"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35851"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/36457"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37342"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35669"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. Red Hat Enterprise Linux 3, 4, and 5 provide earlier versions of ISC DHCP which are not vulnerable to this issue.",
"lastModified": "2009-07-20T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-07 17:13
Modified
2024-11-21 01:16
Severity ?
Summary
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "234EE34E-44F4-45F0-A19A-D369BA5043C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "4479C934-BF9A-428F-AD22-41C45B70C546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*",
"matchCriteriaId": "11EE9507-6827-4CFF-B3B4-9DC4DE3E0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
"matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CBC3A7C-1025-4DF6-8250-44C38CB52444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "307F45F2-05F6-4391-B961-75043E2D7D25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*",
"matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*",
"matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID."
},
{
"lang": "es",
"value": "ISC DHCP v4.1 anterior v4.1.1-P1 y v4.0 anterior v4.0.2-P1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida servidor) a trav\u00e9s de un cliente ID zero-length."
}
],
"id": "CVE-2010-2156",
"lastModified": "2024-11-21T01:16:02.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-07T17:13:07.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES"
},
{
"source": "cve@mitre.org",
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/40116"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/14185"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/40775"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024093"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/14185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/40775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-08 15:17
Modified
2024-11-21 01:25
Severity ?
Summary
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
"matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
"matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
"matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
"matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
"matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
"matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "87CBA8DD-650D-4A67-924C-B108CEE74BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
"matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
"matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
"matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
"matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
"matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
"matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
"matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
"matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
},
{
"lang": "es",
"value": "dhclient en ISC DHCP 3.0.x hasta la versi\u00f3n 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de anfitri\u00f3n obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitri\u00f3n dado por dhclient-script."
}
],
"id": "CVE-2011-0997",
"lastModified": "2024-11-21T01:25:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-08T15:17:27.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44037"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44048"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44089"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44090"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44103"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44127"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44180"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025300"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2216"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2217"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/107886"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/71493"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/47176"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1108-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0879"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0886"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0909"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0915"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0926"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0965"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/1000"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/37623/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/44180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/107886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/71493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/47176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1108-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/1000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/37623/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-17 19:00
Modified
2024-11-21 01:19
Severity ?
Summary
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520."
},
{
"lang": "es",
"value": "ISC DHCP Server v4.2 anteriore a v4.2.0-P2, cuando est\u00e1 configurado para utilizar las asociaciones de redundancia, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (estado de las comunicaciones interrumpidas y la p\u00e9rdida de servicio de cliente DHCP) mediante la conexi\u00f3n a un puerto que s\u00f3lo se dise\u00f1\u00f3 como par de redundancia, como lo demuestra un proceso de chequeo check_tcp al puerto TCP 520.\r\n"
}
],
"id": "CVE-2010-3616",
"lastModified": "2024-11-21T01:19:14.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-17T19:00:20.137",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42618"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/42682"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/159528"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/45360"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1024862"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3208"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2011/0052"
},
{
"source": "cret@cert.org",
"url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/159528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-25 10:42
Modified
2024-11-21 01:41
Severity ?
Summary
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFCB588-F1C0-4276-993C-CB0FA2BE21F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3EE047-6A23-4BFF-9576-9E4CA63BA153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1707B3D-29F7-46C6-8A0A-D776E062FD4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "493B7D92-18A4-4221-AEDD-917404C47E6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA0C3173-8630-4613-B1D3-711468FC3749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "F104AD27-0AE0-4853-B19C-1D83070A0DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65689412-A35D-40B9-8671-DE8FF63C3DCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en ISC DHCP v4.2.x antes de v4.2.4-P1, cuando el modo DHCPv6 est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y parada del demonio) a trav\u00e9s de un par\u00e1metro \"identificador de cliente\" modificado para tal fin.\r\n"
}
],
"id": "CVE-2012-3570",
"lastModified": "2024-11-21T01:41:09.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-25T10:42:35.710",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/54665"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/article/AA-00714"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-26 22:15
Modified
2024-11-21 05:54
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106A3E98-3D4B-47F7-80AD-49A47A7B20D6",
"versionEndIncluding": "4.4.2",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
"matchCriteriaId": "CA5FAE54-1645-4A38-A431-10E67304399A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
"matchCriteriaId": "2C0D1A71-CECB-4C86-87F6-EB3741BDF692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
"matchCriteriaId": "9E01D88D-876D-45FE-B7ED-089DAD801EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4B030B1-F008-4562-93C7-7E1C6D3D00F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
"matchCriteriaId": "FF656F5E-B317-4E0C-BF01-EC2A917142DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
"matchCriteriaId": "FFD3109A-1D76-4EA7-BF39-0B203AD945CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
"matchCriteriaId": "2156D1BC-90AE-4AF3-964C-DAC7DCE14A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
"matchCriteriaId": "BA8ADA07-94FA-4014-AF70-8FCAF5F0DB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
"matchCriteriaId": "A2E0124D-6330-4013-8145-4309FDAE60A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*",
"matchCriteriaId": "3BC02748-557A-4131-A372-D99B62B4B93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*",
"matchCriteriaId": "76A11284-3D81-45F0-8055-17282945C14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*",
"matchCriteriaId": "98431CF5-D4C2-4FCF-BA81-0BBB631546D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC90F7B5-81FB-43C5-8658-78589F26A4B2",
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD4008-DB6A-4749-A426-D2DE44819A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14720DF0-EBA3-4173-9472-163EBC688586",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E79B422-C844-411C-AA49-CFD73D3C6E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D09DE9BF-E5F5-40E8-BD31-8090A7A6FACA",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAEC5C-06EE-4C58-A981-EBF5860CEF16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A05BE2-7F53-49B7-9831-44E97E9ABA4B",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0751225A-6E9C-4281-93A4-A048920FF7C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9290F77E-4E1C-4B01-8C6E-4AEFB37C373A",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD195547-C770-4696-BB58-C0EC5FA38C29",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41ADD701-AD49-46B2-A12E-219CCED32298",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0D2FC6-C24B-4AF8-813F-4432728A2021",
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C70D90-E8FA-4343-9027-152A99D79C82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E06BA0F-8D2A-48AF-B012-07F181F83828",
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1775F3B-6F47-4134-8B4E-CF6337FF546C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28795B18-748A-46AF-B600-5CC7A7A95068",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E33F2-E89B-4008-BED2-CF2296801078",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2788BC61-D5EB-4E44-A896-0A416CC6D51E",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted."
},
{
"lang": "es",
"value": "En ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16, ISC DHCP versiones 4.4.0 anteriores a 4.4.2 (Otras ramas de ISC DHCP (es decir, versiones de la serie 4.0.x o inferiores y versiones de la serie 4.3.x) est\u00e1n m\u00e1s all\u00e1 de su End-of-Life (EOL) y ya no son soportadas por ISC. El resultado de encontrar el fallo mientras se lee un contrato de arrendamiento que lo desencadena var\u00eda, seg\u00fan: el componente afectado (es decir, dhclient o dhcpd) si el paquete se construy\u00f3 como un binario de 32 o 64 bits si fue usado el flag del compilador -fstack-protection-strong al compilar En dhclient, ISC no ha reproducido con \u00e9xito el error en un sistema de 64 bits. Sin embargo, en un sistema de 32 bits es posible causar a dhclient bloquearse cuando leen un contrato de arrendamiento inapropiado, lo que podr\u00eda causar problemas de conectividad de red para un sistema afectado debido a la ausencia de un proceso de cliente DHCP en ejecuci\u00f3n. En dhcpd, cuando se ejecuta en modo DHCPv4 o DHCPv6: si el binario del servidor dhcpd fue construido para una arquitectura de 32 bits Y se especific\u00f3 el flag -fstack-protection-strong al compilador, dhcpd puede salir mientras analiza un archivo de arrendamiento que contiene un arrendamiento objetable, resultando en la falta de servicio a los clientes. Si el binario del servidor dhcpd fue construido para una arquitectura de 64 bits O si la flag -fstack-protection-strong del compilador NO fue especificado, el bloqueo no ocurrir\u00e1, pero es posible que el contrato de arrendamiento ofensivo y el que le sigue sean borrados inapropiadamente"
}
],
"id": "CVE-2021-25217",
"lastModified": "2024-11-21T05:54:34.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "security-officer@isc.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-05-26T22:15:07.947",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
},
{
"source": "security-officer@isc.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
},
{
"source": "security-officer@isc.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"source": "security-officer@isc.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2021-25217"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
},
{
"source": "security-officer@isc.org",
"url": "https://security.gentoo.org/glsa/202305-22"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2021-25217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-2494
Vulnerability from cvelistv5
Published
2013-03-28 16:00
Modified
2024-09-16 19:52
Severity ?
EPSS score ?
Summary
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.isc.org/article/AA-00880/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:31.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00880/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-28T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-00880/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/article/AA-00880/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00880/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2494",
"datePublished": "2013-03-28T16:00:00Z",
"dateReserved": "2013-03-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:52:30.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3954
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027300 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2012/dsa-2516 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2012-1141.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 | vendor-advisory, x_refsource_MANDRIVA | |
| http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | vendor-advisory, x_refsource_SUSE | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.debian.org/security/2012/dsa-2519 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.ubuntu.com/usn/USN-1519-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://kb.isc.org/article/AA-00737 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-201301-06.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/54665 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027300"
},
{
"name": "DSA-2516",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"name": "RHSA-2012:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"name": "MDVSA-2012:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"name": "openSUSE-SU-2012:1006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"name": "MDVSA-2012:115",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "DSA-2519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "USN-1519-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00737"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "54665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027300"
},
{
"name": "DSA-2516",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"name": "RHSA-2012:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"name": "MDVSA-2012:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"name": "openSUSE-SU-2012:1006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"name": "MDVSA-2012:115",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "DSA-2519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "USN-1519-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-00737"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "54665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027300",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027300"
},
{
"name": "DSA-2516",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"name": "RHSA-2012:1141",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"name": "MDVSA-2012:116",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"name": "openSUSE-SU-2012:1006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"name": "MDVSA-2012:115",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "DSA-2519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "USN-1519-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"name": "https://kb.isc.org/article/AA-00737",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00737"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "54665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3954",
"datePublished": "2012-07-25T10:00:00",
"dateReserved": "2012-07-11T00:00:00",
"dateUpdated": "2024-08-06T20:21:04.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4539
Vulnerability from cvelistv5
Published
2011-12-08 11:00
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182"
},
{
"name": "47153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47153"
},
{
"name": "FEDORA-2011-16976",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html"
},
{
"name": "USN-1309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1309-1"
},
{
"name": "openSUSE-SU-2011:1318",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html"
},
{
"name": "isc-dhcp-dhcpd-regex-dos(71680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680"
},
{
"name": "47178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539"
},
{
"name": "FEDORA-2011-16981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html"
},
{
"name": "DSA-2519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "1026393",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026393"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "50971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2011:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182"
},
{
"name": "47153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47153"
},
{
"name": "FEDORA-2011-16976",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html"
},
{
"name": "USN-1309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1309-1"
},
{
"name": "openSUSE-SU-2011:1318",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html"
},
{
"name": "isc-dhcp-dhcpd-regex-dos(71680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680"
},
{
"name": "47178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539"
},
{
"name": "FEDORA-2011-16981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html"
},
{
"name": "DSA-2519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "1026393",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026393"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "50971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182"
},
{
"name": "47153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47153"
},
{
"name": "FEDORA-2011-16976",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html"
},
{
"name": "USN-1309-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1309-1"
},
{
"name": "openSUSE-SU-2011:1318",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html"
},
{
"name": "isc-dhcp-dhcpd-regex-dos(71680)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680"
},
{
"name": "47178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47178"
},
{
"name": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539",
"refsource": "CONFIRM",
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539"
},
{
"name": "FEDORA-2011-16981",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html"
},
{
"name": "DSA-2519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "1026393",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026393"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "50971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4539",
"datePublished": "2011-12-08T11:00:00",
"dateReserved": "2011-11-22T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4868
Vulnerability from cvelistv5
Published
2012-01-15 02:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.isc.org/article/AA-00705 | x_refsource_CONFIRM | |
| https://www.isc.org/software/dhcp/advisories/cve-2011-4868 | x_refsource_CONFIRM | |
| https://deepthought.isc.org/article/AA-00595 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-201301-06.xml | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://deepthought.isc.org/article/AA-00595"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-00705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://deepthought.isc.org/article/AA-00595"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/article/AA-00705",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00705"
},
{
"name": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868",
"refsource": "CONFIRM",
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
},
{
"name": "https://deepthought.isc.org/article/AA-00595",
"refsource": "CONFIRM",
"url": "https://deepthought.isc.org/article/AA-00595"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4868",
"datePublished": "2012-01-15T02:00:00",
"dateReserved": "2011-12-19T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0692
Vulnerability from cvelistv5
Published
2009-07-14 20:16
Modified
2024-08-07 04:48
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:51.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/node/468"
},
{
"name": "35830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35830"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717"
},
{
"name": "35832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35832"
},
{
"name": "SSRT100018",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "35850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35850"
},
{
"name": "35785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35785"
},
{
"name": "VU#410676",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/410676"
},
{
"name": "35880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35880"
},
{
"name": "SUSE-SA:2009:037",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html"
},
{
"name": "HPSBMA02554",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "FEDORA-2009-9075",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"name": "40551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40551"
},
{
"name": "55819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55819"
},
{
"name": "35668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35668"
},
{
"name": "DSA-1833",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"name": "GLSA-200907-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-12.xml"
},
{
"name": "MDVSA-2009:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151"
},
{
"name": "RHSA-2009:1136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html"
},
{
"name": "35831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35831"
},
{
"name": "35829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35829"
},
{
"name": "ADV-2010-1796",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"name": "35841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35841"
},
{
"name": "oval:org.mitre.oval:def:5941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941"
},
{
"name": "oval:org.mitre.oval:def:10758",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758"
},
{
"name": "USN-803-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-803-1"
},
{
"name": "NetBSD-SA2009-010",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/downloadables/12"
},
{
"name": "RHSA-2009:1154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"name": "37342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37342"
},
{
"name": "35851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35851"
},
{
"name": "35849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35849"
},
{
"name": "SSA:2009-195-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471"
},
{
"name": "1022548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022548"
},
{
"name": "36457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36457"
},
{
"name": "FEDORA-2009-8344",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2009-1891",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/node/468"
},
{
"name": "35830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35830"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717"
},
{
"name": "35832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35832"
},
{
"name": "SSRT100018",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "35850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35850"
},
{
"name": "35785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35785"
},
{
"name": "VU#410676",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/410676"
},
{
"name": "35880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35880"
},
{
"name": "SUSE-SA:2009:037",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html"
},
{
"name": "HPSBMA02554",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "FEDORA-2009-9075",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"name": "40551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40551"
},
{
"name": "55819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55819"
},
{
"name": "35668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35668"
},
{
"name": "DSA-1833",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"name": "GLSA-200907-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-12.xml"
},
{
"name": "MDVSA-2009:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151"
},
{
"name": "RHSA-2009:1136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html"
},
{
"name": "35831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35831"
},
{
"name": "35829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35829"
},
{
"name": "ADV-2010-1796",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"name": "35841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35841"
},
{
"name": "oval:org.mitre.oval:def:5941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941"
},
{
"name": "oval:org.mitre.oval:def:10758",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758"
},
{
"name": "USN-803-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-803-1"
},
{
"name": "NetBSD-SA2009-010",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/downloadables/12"
},
{
"name": "RHSA-2009:1154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"name": "37342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37342"
},
{
"name": "35851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35851"
},
{
"name": "35849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35849"
},
{
"name": "SSA:2009-195-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471"
},
{
"name": "1022548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022548"
},
{
"name": "36457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36457"
},
{
"name": "FEDORA-2009-8344",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-0692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1891"
},
{
"name": "https://www.isc.org/node/468",
"refsource": "CONFIRM",
"url": "https://www.isc.org/node/468"
},
{
"name": "35830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35830"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=507717",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717"
},
{
"name": "35832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35832"
},
{
"name": "SSRT100018",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "35850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35850"
},
{
"name": "35785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35785"
},
{
"name": "VU#410676",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/410676"
},
{
"name": "35880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35880"
},
{
"name": "SUSE-SA:2009:037",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html"
},
{
"name": "HPSBMA02554",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "FEDORA-2009-9075",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"name": "40551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40551"
},
{
"name": "55819",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55819"
},
{
"name": "35668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35668"
},
{
"name": "DSA-1833",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"name": "GLSA-200907-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-12.xml"
},
{
"name": "MDVSA-2009:151",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151"
},
{
"name": "RHSA-2009:1136",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html"
},
{
"name": "35831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35831"
},
{
"name": "35829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35829"
},
{
"name": "ADV-2010-1796",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"name": "35841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35841"
},
{
"name": "oval:org.mitre.oval:def:5941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941"
},
{
"name": "oval:org.mitre.oval:def:10758",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758"
},
{
"name": "USN-803-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-803-1"
},
{
"name": "NetBSD-SA2009-010",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc"
},
{
"name": "https://www.isc.org/downloadables/12",
"refsource": "CONFIRM",
"url": "https://www.isc.org/downloadables/12"
},
{
"name": "RHSA-2009:1154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"name": "37342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37342"
},
{
"name": "35851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35851"
},
{
"name": "35849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35849"
},
{
"name": "SSA:2009-195-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561471"
},
{
"name": "1022548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022548"
},
{
"name": "36457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36457"
},
{
"name": "FEDORA-2009-8344",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-0692",
"datePublished": "2009-07-14T20:16:00",
"dateReserved": "2009-02-22T00:00:00",
"dateUpdated": "2024-08-07T04:48:51.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5733
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 04:13
Severity ?
EPSS score ?
Summary
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.isc.org/docs/aa-01567 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:0469 | vendor-advisory, x_refsource_REDHAT | |
| https://www.debian.org/security/2018/dsa-4133 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/3586-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://access.redhat.com/errata/RHSA-2018:0483 | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/3586-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/103188 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040437 | vdb-entry, x_refsource_SECTRACK | |
| https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html | mailing-list, x_refsource_MLIST |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/aa-01567"
},
{
"name": "RHSA-2018:0469",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0469"
},
{
"name": "DSA-4133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"name": "USN-3586-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3586-2/"
},
{
"name": "RHSA-2018:0483",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0483"
},
{
"name": "USN-3586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "103188",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103188"
},
{
"name": "1040437",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040437"
},
{
"name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISC DHCP",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/aa-01567"
},
{
"name": "RHSA-2018:0469",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0469"
},
{
"name": "DSA-4133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"name": "USN-3586-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3586-2/"
},
{
"name": "RHSA-2018:0483",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0483"
},
{
"name": "USN-3586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "103188",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103188"
},
{
"name": "1040437",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040437"
},
{
"name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A malicious client can overflow a reference counter in ISC dhcpd",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
"ID": "CVE-2018-5733",
"STATE": "PUBLIC",
"TITLE": "A malicious client can overflow a reference counter in ISC dhcpd"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISC DHCP",
"version": {
"version_data": [
{
"version_name": "ISC DHCP",
"version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/aa-01567",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01567"
},
{
"name": "RHSA-2018:0469",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0469"
},
{
"name": "DSA-4133",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"name": "USN-3586-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3586-2/"
},
{
"name": "RHSA-2018:0483",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0483"
},
{
"name": "USN-3586-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "103188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103188"
},
{
"name": "1040437",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040437"
},
{
"name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1313-1] isc-dhcp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2018-5733",
"datePublished": "2019-01-16T20:00:00Z",
"dateReserved": "2018-01-17T00:00:00",
"dateUpdated": "2024-09-17T04:13:54.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3616
Vulnerability from cvelistv5
Published
2010-12-17 18:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/42618 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2010/3208 | vdb-entry, x_refsource_VUPEN | |
| http://www.vupen.com/english/advisories/2011/0052 | vdb-entry, x_refsource_VUPEN | |
| https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html | mailing-list, x_refsource_MLIST | |
| https://www.isc.org/software/dhcp/advisories/cve-2010-3616 | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/159528 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id?1024862 | vdb-entry, x_refsource_SECTRACK | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:001 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/45360 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/42682 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-18856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html"
},
{
"name": "42618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42618"
},
{
"name": "ADV-2010-3208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3208"
},
{
"name": "ADV-2011-0052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0052"
},
{
"name": "[dhcp-users] 20101207 nagios check_tcp kills failover, then dhcp failure.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616"
},
{
"name": "VU#159528",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/159528"
},
{
"name": "1024862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024862"
},
{
"name": "MDVSA-2011:001",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001"
},
{
"name": "45360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45360"
},
{
"name": "42682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-11T10:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "FEDORA-2010-18856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html"
},
{
"name": "42618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42618"
},
{
"name": "ADV-2010-3208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3208"
},
{
"name": "ADV-2011-0052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0052"
},
{
"name": "[dhcp-users] 20101207 nagios check_tcp kills failover, then dhcp failure.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616"
},
{
"name": "VU#159528",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/159528"
},
{
"name": "1024862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024862"
},
{
"name": "MDVSA-2011:001",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001"
},
{
"name": "45360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45360"
},
{
"name": "42682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-3616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-18856",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html"
},
{
"name": "42618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42618"
},
{
"name": "ADV-2010-3208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3208"
},
{
"name": "ADV-2011-0052",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0052"
},
{
"name": "[dhcp-users] 20101207 nagios check_tcp kills failover, then dhcp failure.",
"refsource": "MLIST",
"url": "https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html"
},
{
"name": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616",
"refsource": "CONFIRM",
"url": "https://www.isc.org/software/dhcp/advisories/cve-2010-3616"
},
{
"name": "VU#159528",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/159528"
},
{
"name": "1024862",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024862"
},
{
"name": "MDVSA-2011:001",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:001"
},
{
"name": "45360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45360"
},
{
"name": "42682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-3616",
"datePublished": "2010-12-17T18:00:00",
"dateReserved": "2010-09-27T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2749
Vulnerability from cvelistv5
Published
2011-08-15 21:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1190-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"name": "FEDORA-2011-10705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"name": "45595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45595"
},
{
"name": "openSUSE-SU-2011:1021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"name": "DSA-2292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"name": "RHSA-2011:1160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"name": "1025918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"name": "45817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45817"
},
{
"name": "49120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "45582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"name": "45918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45918"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"name": "45639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"name": "45629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45629"
},
{
"name": "SUSE-SU-2011:1023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"name": "MDVSA-2011:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"name": "46780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-1190-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"name": "FEDORA-2011-10705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"name": "45595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45595"
},
{
"name": "openSUSE-SU-2011:1021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"name": "DSA-2292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"name": "RHSA-2011:1160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"name": "1025918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"name": "45817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45817"
},
{
"name": "49120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "45582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"name": "45918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45918"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"name": "45639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"name": "45629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45629"
},
{
"name": "SUSE-SU-2011:1023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"name": "MDVSA-2011:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"name": "46780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1190-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"name": "FEDORA-2011-10705",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"name": "45595",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45595"
},
{
"name": "openSUSE-SU-2011:1021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"name": "DSA-2292",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"name": "RHSA-2011:1160",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"name": "1025918",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025918"
},
{
"name": "45817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45817"
},
{
"name": "49120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49120"
},
{
"name": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"name": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "45582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45582"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"name": "45918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45918"
},
{
"name": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"name": "45639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45639"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729382",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"name": "45629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45629"
},
{
"name": "SUSE-SU-2011:1023",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"name": "MDVSA-2011:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"name": "46780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2749",
"datePublished": "2011-08-15T21:00:00",
"dateReserved": "2011-07-14T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2774
Vulnerability from cvelistv5
Published
2016-03-09 15:26
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2590.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1035196 | vdb-entry, x_refsource_SECTRACK | |
| https://kb.isc.org/article/AA-01354 | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/3586-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.securityfocus.com/bid/84208 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
},
{
"name": "1035196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "FEDORA-2016-821f013cb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
},
{
"name": "USN-3586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "openSUSE-SU-2016:1843",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
},
{
"name": "FEDORA-2016-c93d49faf3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
},
{
"name": "84208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84208"
},
{
"name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-24T19:07:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2016:2590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
},
{
"name": "1035196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "FEDORA-2016-821f013cb1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
},
{
"name": "USN-3586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "openSUSE-SU-2016:1843",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
},
{
"name": "FEDORA-2016-c93d49faf3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
},
{
"name": "84208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84208"
},
{
"name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2590",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2590.html"
},
{
"name": "1035196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035196"
},
{
"name": "https://kb.isc.org/article/AA-01354",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01354"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "FEDORA-2016-821f013cb1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html"
},
{
"name": "USN-3586-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "openSUSE-SU-2016:1843",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html"
},
{
"name": "FEDORA-2016-c93d49faf3",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html"
},
{
"name": "84208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84208"
},
{
"name": "[debian-lts-announce] 20191124 [SECURITY] [DLA 2003-1] isc-dhcp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2774",
"datePublished": "2016-03-09T15:26:00",
"dateReserved": "2016-02-26T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3611
Vulnerability from cvelistv5
Published
2010-11-04 17:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611"
},
{
"name": "iscdhcp-relayforward-dos(62965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965"
},
{
"name": "42082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42082"
},
{
"name": "ADV-2010-2879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2879"
},
{
"name": "MDVSA-2010:226",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226"
},
{
"name": "42345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42345"
},
{
"name": "ADV-2010-3044",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3044"
},
{
"name": "RHSA-2010:0923",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877"
},
{
"name": "ADV-2010-3092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3092"
},
{
"name": "FEDORA-2010-17312",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html"
},
{
"name": "44615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44615"
},
{
"name": "68999",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/68999"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "42407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42407"
},
{
"name": "FEDORA-2010-17303",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html"
},
{
"name": "VU#102047",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/102047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611"
},
{
"name": "iscdhcp-relayforward-dos(62965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965"
},
{
"name": "42082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42082"
},
{
"name": "ADV-2010-2879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2879"
},
{
"name": "MDVSA-2010:226",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226"
},
{
"name": "42345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42345"
},
{
"name": "ADV-2010-3044",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3044"
},
{
"name": "RHSA-2010:0923",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877"
},
{
"name": "ADV-2010-3092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3092"
},
{
"name": "FEDORA-2010-17312",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html"
},
{
"name": "44615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44615"
},
{
"name": "68999",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/68999"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "42407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42407"
},
{
"name": "FEDORA-2010-17303",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html"
},
{
"name": "VU#102047",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/102047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-3611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611"
},
{
"name": "iscdhcp-relayforward-dos(62965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965"
},
{
"name": "42082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42082"
},
{
"name": "ADV-2010-2879",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2879"
},
{
"name": "MDVSA-2010:226",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226"
},
{
"name": "42345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42345"
},
{
"name": "ADV-2010-3044",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3044"
},
{
"name": "RHSA-2010:0923",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=649877",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877"
},
{
"name": "ADV-2010-3092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3092"
},
{
"name": "FEDORA-2010-17312",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html"
},
{
"name": "44615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44615"
},
{
"name": "68999",
"refsource": "OSVDB",
"url": "http://osvdb.org/68999"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "42407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42407"
},
{
"name": "FEDORA-2010-17303",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html"
},
{
"name": "VU#102047",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/102047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-3611",
"datePublished": "2010-11-04T17:00:00",
"dateReserved": "2010-09-27T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2929
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2022-2929"
},
{
"name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"name": "FEDORA-2022-f5a45757df",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"name": "FEDORA-2022-9ca9a94e28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"name": "FEDORA-2022-c4f274a54f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"name": "GLSA-202305-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISC DHCP",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "1.0 through versions before 4.1-ESV-R16-P2"
},
{
"status": "affected",
"version": "4.2 through versions before 4.4.3.-P1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."
}
],
"datePublic": "2022-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2022-2929"
},
{
"name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"name": "FEDORA-2022-f5a45757df",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"name": "FEDORA-2022-9ca9a94e28",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"name": "FEDORA-2022-c4f274a54f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"name": "GLSA-202305-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DHCP memory leak",
"workarounds": [
{
"lang": "en",
"value": "As exploiting this vulnerability requires an attacker to send packets for an extended period of time, restarting servers periodically could be a viable workaround."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-2929",
"datePublished": "2022-10-07T04:45:12.836741Z",
"dateReserved": "2022-08-22T00:00:00",
"dateUpdated": "2024-09-16T18:28:37.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3570
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 20:13
Severity ?
EPSS score ?
Summary
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html | vendor-advisory, x_refsource_SUSE | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 | vendor-advisory, x_refsource_MANDRIVA | |
| http://security.gentoo.org/glsa/glsa-201301-06.xml | vendor-advisory, x_refsource_GENTOO | |
| https://kb.isc.org/article/AA-00714 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/54665 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:1006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"name": "MDVSA-2012:115",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00714"
},
{
"name": "54665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:1006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"name": "MDVSA-2012:115",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-00714"
},
{
"name": "54665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:1006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"name": "MDVSA-2012:115",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "https://kb.isc.org/article/AA-00714",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00714"
},
{
"name": "54665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3570",
"datePublished": "2012-07-25T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:13:50.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25217
Vulnerability from cvelistv5
Published
2021-05-26 22:10
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2021-25217"
},
{
"name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
},
{
"name": "FEDORA-2021-08cdb4dc34",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
},
{
"name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
},
{
"name": "FEDORA-2021-8ca8263bde",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"name": "GLSA-202305-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISC DHCP",
"vendor": "ISC",
"versions": [
{
"lessThan": "4.1-ESV-R16-P1",
"status": "affected",
"version": "4.1 ESV",
"versionType": "custom"
},
{
"lessThan": "4.4.2-P1",
"status": "affected",
"version": "4.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability."
}
],
"datePublic": "2021-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. Affects both dhcpd (server) and dhcpcd (client).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2021-25217"
},
{
"name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
},
{
"name": "FEDORA-2021-08cdb4dc34",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
},
{
"name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
},
{
"name": "FEDORA-2021-8ca8263bde",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"name": "GLSA-202305-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n ISC DHCP 4.1-ESV-R16-P1\n ISC DHCP 4.4.2-P1"
}
],
"source": {
"discovery": "USER"
},
"title": "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
"workarounds": [
{
"lang": "en",
"value": "None known."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2021-25217",
"datePublished": "2021-05-26T22:10:11.312869Z",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-09-16T22:08:32.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1893
Vulnerability from cvelistv5
Published
2009-07-17 16:00
Modified
2024-08-07 05:27
Severity ?
EPSS score ?
Summary
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1022554 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51718 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/35670 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35831 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=510024 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2009-1154.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022554",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022554"
},
{
"name": "oval:org.mitre.oval:def:11597",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
},
{
"name": "oval:org.mitre.oval:def:6440",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
},
{
"name": "dhcp-dhcpdt-symlink(51718)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
},
{
"name": "35670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35670"
},
{
"name": "35831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
},
{
"name": "RHSA-2009:1154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1022554",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022554"
},
{
"name": "oval:org.mitre.oval:def:11597",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
},
{
"name": "oval:org.mitre.oval:def:6440",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
},
{
"name": "dhcp-dhcpdt-symlink(51718)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
},
{
"name": "35670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35670"
},
{
"name": "35831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
},
{
"name": "RHSA-2009:1154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1893",
"datePublished": "2009-07-17T16:00:00",
"dateReserved": "2009-06-02T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8605
Vulnerability from cvelistv5
Published
2016-01-14 22:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034657"
},
{
"name": "openSUSE-SU-2016:0610",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "FEDORA-2016-0c5bb21bf1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
},
{
"name": "DSA-3442",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3442"
},
{
"name": "USN-2868-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2868-1"
},
{
"name": "FEDORA-2016-adb533a418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "80703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80703"
},
{
"name": "openSUSE-SU-2016:0601",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1034657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034657"
},
{
"name": "openSUSE-SU-2016:0610",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "FEDORA-2016-0c5bb21bf1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
},
{
"name": "DSA-3442",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3442"
},
{
"name": "USN-2868-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2868-1"
},
{
"name": "FEDORA-2016-adb533a418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "80703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80703"
},
{
"name": "openSUSE-SU-2016:0601",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034657"
},
{
"name": "openSUSE-SU-2016:0610",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html"
},
{
"name": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/",
"refsource": "CONFIRM",
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "https://kb.isc.org/article/AA-01334",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01334"
},
{
"name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/",
"refsource": "CONFIRM",
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "FEDORA-2016-0c5bb21bf1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html"
},
{
"name": "DSA-3442",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3442"
},
{
"name": "USN-2868-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2868-1"
},
{
"name": "FEDORA-2016-adb533a418",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "80703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/80703"
},
{
"name": "openSUSE-SU-2016:0601",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8605",
"datePublished": "2016-01-14T22:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3571
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 20:13
Severity ?
EPSS score ?
Summary
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:51.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00712"
},
{
"name": "DSA-2516",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"name": "RHSA-2012:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"name": "MDVSA-2012:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"name": "openSUSE-SU-2012:1006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "MDVSA-2012:115",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "DSA-2519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "USN-1519-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "RHSA-2012:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
},
{
"name": "54665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-00712"
},
{
"name": "DSA-2516",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"name": "RHSA-2012:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"name": "MDVSA-2012:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"name": "openSUSE-SU-2012:1006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "MDVSA-2012:115",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "DSA-2519",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "USN-1519-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "RHSA-2012:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
},
{
"name": "54665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://kb.isc.org/article/AA-00712",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00712"
},
{
"name": "DSA-2516",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2516"
},
{
"name": "RHSA-2012:1141",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html"
},
{
"name": "MDVSA-2012:116",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116"
},
{
"name": "openSUSE-SU-2012:1006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "MDVSA-2012:115",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115"
},
{
"name": "DSA-2519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2519"
},
{
"name": "USN-1519-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1519-1"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "RHSA-2012:1140",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1140.html"
},
{
"name": "54665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3571",
"datePublished": "2012-07-25T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:13:51.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2156
Vulnerability from cvelistv5
Published
2010-06-07 13:38
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:114 | vendor-advisory, x_refsource_MANDRIVA | |
| http://secunia.com/advisories/40116 | third-party-advisory, x_refsource_SECUNIA | |
| http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.securityfocus.com/bid/40775 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/14185 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59222 | vdb-entry, x_refsource_XF | |
| http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1024093 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2010:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114"
},
{
"name": "40116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES"
},
{
"name": "FEDORA-2010-9433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html"
},
{
"name": "40775",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40775"
},
{
"name": "14185",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14185"
},
{
"name": "dhcp-zero-length-dos(59222)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES"
},
{
"name": "1024093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2010:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114"
},
{
"name": "40116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES"
},
{
"name": "FEDORA-2010-9433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html"
},
{
"name": "40775",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40775"
},
{
"name": "14185",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14185"
},
{
"name": "dhcp-zero-length-dos(59222)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES"
},
{
"name": "1024093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:114"
},
{
"name": "40116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40116"
},
{
"name": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES",
"refsource": "CONFIRM",
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES"
},
{
"name": "FEDORA-2010-9433",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html"
},
{
"name": "40775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40775"
},
{
"name": "14185",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14185"
},
{
"name": "dhcp-zero-length-dos(59222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59222"
},
{
"name": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES",
"refsource": "CONFIRM",
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES"
},
{
"name": "1024093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2156",
"datePublished": "2010-06-07T13:38:00",
"dateReserved": "2010-06-03T00:00:00",
"dateUpdated": "2024-08-07T02:25:06.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2748
Vulnerability from cvelistv5
Published
2011-08-15 21:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1190-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://redmine.pfsense.org/issues/1888"
},
{
"name": "FEDORA-2011-10705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"name": "45595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45595"
},
{
"name": "openSUSE-SU-2011:1021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"name": "DSA-2292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"name": "RHSA-2011:1160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"name": "1025918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"name": "45817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45817"
},
{
"name": "49120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"name": "isc-dhcp-packet-dos(69139)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "45582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"name": "45918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45918"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"name": "45639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"name": "45629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45629"
},
{
"name": "SUSE-SU-2011:1023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"name": "MDVSA-2011:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"name": "46780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-1190-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://redmine.pfsense.org/issues/1888"
},
{
"name": "FEDORA-2011-10705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"name": "45595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45595"
},
{
"name": "openSUSE-SU-2011:1021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"name": "DSA-2292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"name": "RHSA-2011:1160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"name": "1025918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025918"
},
{
"name": "45817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45817"
},
{
"name": "49120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"name": "isc-dhcp-packet-dos(69139)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "45582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"name": "45918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45918"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"name": "45639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"name": "45629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45629"
},
{
"name": "SUSE-SU-2011:1023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"name": "MDVSA-2011:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"name": "46780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1190-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1190-1"
},
{
"name": "http://redmine.pfsense.org/issues/1888",
"refsource": "CONFIRM",
"url": "http://redmine.pfsense.org/issues/1888"
},
{
"name": "FEDORA-2011-10705",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
},
{
"name": "45595",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45595"
},
{
"name": "openSUSE-SU-2011:1021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
},
{
"name": "DSA-2292",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2292"
},
{
"name": "RHSA-2011:1160",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
},
{
"name": "1025918",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025918"
},
{
"name": "45817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45817"
},
{
"name": "49120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49120"
},
{
"name": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
},
{
"name": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
},
{
"name": "isc-dhcp-packet-dos(69139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69139"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "45582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45582"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=517665\u0026action=diff"
},
{
"name": "45918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45918"
},
{
"name": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
},
{
"name": "45639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45639"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729382",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
},
{
"name": "45629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45629"
},
{
"name": "SUSE-SU-2011:1023",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"name": "MDVSA-2011:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"name": "46780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2748",
"datePublished": "2011-08-15T21:00:00",
"dateReserved": "2011-07-14T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2928
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2022-2928"
},
{
"name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"name": "FEDORA-2022-f5a45757df",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"name": "FEDORA-2022-9ca9a94e28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"name": "FEDORA-2022-c4f274a54f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"name": "GLSA-202305-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISC DHCP",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "4.4.0 through versions before 4.4.3-P1"
},
{
"status": "affected",
"version": "4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue."
}
],
"datePublic": "2022-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option\u0027s refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2022-2928"
},
{
"name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html"
},
{
"name": "FEDORA-2022-f5a45757df",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/"
},
{
"name": "FEDORA-2022-9ca9a94e28",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/"
},
{
"name": "FEDORA-2022-c4f274a54f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/"
},
{
"name": "GLSA-202305-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-22"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An option refcount overflow exists in dhcpd",
"workarounds": [
{
"lang": "en",
"value": "Disable lease query on the server for DHCPv4 or restart the server periodically."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-2928",
"datePublished": "2022-10-07T04:45:11.751554Z",
"dateReserved": "2022-08-22T00:00:00",
"dateUpdated": "2024-09-17T00:21:40.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5732
Vulnerability from cvelistv5
Published
2019-10-09 14:17
Modified
2024-09-16 18:19
Severity ?
EPSS score ?
Summary
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.isc.org/docs/aa-01565 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/aa-01565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISC DHCP",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "ISC DHCP 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T14:17:14",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/aa-01565"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e= DHCP 4.1-ESV-R15-P1\n \u003e= DHCP 4.3.6-P1\n \u003e= DHCP 4.4.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
"ID": "CVE-2018-5732",
"STATE": "PUBLIC",
"TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISC DHCP",
"version": {
"version_data": [
{
"version_name": "ISC DHCP",
"version_value": "4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -\u003e 4.1-ESV-R15, 4.2.0 -\u003e 4.2.8, 4.3.0 -\u003e 4.3.6, 4.4.0"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/aa-01565",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01565"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n \u003e= DHCP 4.1-ESV-R15-P1\n \u003e= DHCP 4.3.6-P1\n \u003e= DHCP 4.4.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2018-5732",
"datePublished": "2019-10-09T14:17:14.251822Z",
"dateReserved": "2018-01-17T00:00:00",
"dateUpdated": "2024-09-16T18:19:36.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1892
Vulnerability from cvelistv5
Published
2009-07-17 16:00
Modified
2024-08-07 05:27
Severity ?
EPSS score ?
Summary
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/35830 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51717 | vdb-entry, x_refsource_XF | |
| https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.debian.org/security/2009/dsa-1833 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/35669 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/37342 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/35851 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/36457 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:154 | vendor-advisory, x_refsource_MANDRIVA | |
| https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35830"
},
{
"name": "dhcp-dhcp-dos(51717)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717"
},
{
"name": "FEDORA-2009-9075",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"name": "DSA-1833",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"name": "35669",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35669"
},
{
"name": "37342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37342"
},
{
"name": "35851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35851"
},
{
"name": "36457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36457"
},
{
"name": "MDVSA-2009:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154"
},
{
"name": "FEDORA-2009-8344",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "35830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35830"
},
{
"name": "dhcp-dhcp-dos(51717)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717"
},
{
"name": "FEDORA-2009-9075",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"name": "DSA-1833",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"name": "35669",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35669"
},
{
"name": "37342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37342"
},
{
"name": "35851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35851"
},
{
"name": "36457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36457"
},
{
"name": "MDVSA-2009:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154"
},
{
"name": "FEDORA-2009-8344",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1892",
"datePublished": "2009-07-17T16:00:00",
"dateReserved": "2009-06-02T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3955
Vulnerability from cvelistv5
Published
2012-09-14 10:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2012-14149",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
},
{
"name": "openSUSE-SU-2012:1252",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
},
{
"name": "USN-1571-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1571-1"
},
{
"name": "openSUSE-SU-2012:1234",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
},
{
"name": "DSA-2551",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2551"
},
{
"name": "51318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51318"
},
{
"name": "MDVSA-2012:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
},
{
"name": "FEDORA-2012-13910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
},
{
"name": "55530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55530"
},
{
"name": "FEDORA-2012-14076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
},
{
"name": "RHSA-2013:0504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
},
{
"name": "openSUSE-SU-2012:1254",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00779"
},
{
"name": "1027528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-29T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2012-14149",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
},
{
"name": "openSUSE-SU-2012:1252",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
},
{
"name": "USN-1571-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1571-1"
},
{
"name": "openSUSE-SU-2012:1234",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
},
{
"name": "DSA-2551",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2551"
},
{
"name": "51318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51318"
},
{
"name": "MDVSA-2012:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
},
{
"name": "FEDORA-2012-13910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
},
{
"name": "55530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55530"
},
{
"name": "FEDORA-2012-14076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
},
{
"name": "RHSA-2013:0504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
},
{
"name": "openSUSE-SU-2012:1254",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-00779"
},
{
"name": "1027528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027528"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-14149",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html"
},
{
"name": "openSUSE-SU-2012:1252",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html"
},
{
"name": "USN-1571-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1571-1"
},
{
"name": "openSUSE-SU-2012:1234",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html"
},
{
"name": "DSA-2551",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2551"
},
{
"name": "51318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51318"
},
{
"name": "MDVSA-2012:153",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153"
},
{
"name": "FEDORA-2012-13910",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html"
},
{
"name": "55530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55530"
},
{
"name": "FEDORA-2012-14076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html"
},
{
"name": "RHSA-2013:0504",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of"
},
{
"name": "openSUSE-SU-2012:1254",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "https://kb.isc.org/article/AA-00779",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00779"
},
{
"name": "1027528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027528"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3955",
"datePublished": "2012-09-14T10:00:00",
"dateReserved": "2012-07-11T00:00:00",
"dateUpdated": "2024-08-06T20:21:04.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3144
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0158 | vendor-advisory, x_refsource_REDHAT | |
| https://www.debian.org/security/2018/dsa-4133 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/102726 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040194 | vdb-entry, x_refsource_SECTRACK | |
| https://usn.ubuntu.com/3586-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://kb.isc.org/docs/aa-01541 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0158"
},
{
"name": "DSA-4133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"name": "102726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102726"
},
{
"name": "1040194",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040194"
},
{
"name": "USN-3586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/aa-01541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ISC DHCP",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "RHSA-2018:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0158"
},
{
"name": "DSA-4133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"name": "102726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102726"
},
{
"name": "1040194",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040194"
},
{
"name": "USN-3586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/aa-01541"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Failure to properly clean up closed OMAPI connections can exhaust available sockets",
"workarounds": [
{
"lang": "en",
"value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-01-16T00:00:00.000Z",
"ID": "CVE-2017-3144",
"STATE": "PUBLIC",
"TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISC DHCP",
"version": {
"version_data": [
{
"version_name": "ISC DHCP",
"version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0158",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0158"
},
{
"name": "DSA-4133",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4133"
},
{
"name": "102726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102726"
},
{
"name": "1040194",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040194"
},
{
"name": "USN-3586-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3586-1/"
},
{
"name": "https://kb.isc.org/docs/aa-01541",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01541"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2017-3144",
"datePublished": "2019-01-16T20:00:00Z",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-09-16T22:46:13.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0997
Vulnerability from cvelistv5
Published
2011-04-08 15:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47176"
},
{
"name": "ADV-2011-0886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0886"
},
{
"name": "44103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44103"
},
{
"name": "RHSA-2011:0840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
},
{
"name": "44037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
},
{
"name": "ADV-2011-0926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0926"
},
{
"name": "HPSBMU02752",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"name": "44127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44127"
},
{
"name": "MDVSA-2011:073",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
},
{
"name": "SSRT100802",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"name": "ADV-2011-0909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0909"
},
{
"name": "oval:org.mitre.oval:def:12812",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
},
{
"name": "71493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71493"
},
{
"name": "44090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44090"
},
{
"name": "44048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44048"
},
{
"name": "FEDORA-2011-4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
},
{
"name": "iscdhcp-dhclient-command-execution(66580)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
},
{
"name": "ADV-2011-0879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0879"
},
{
"name": "VU#107886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/107886"
},
{
"name": "1025300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025300"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "SSA:2011-097-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
},
{
"name": "ADV-2011-1000",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1000"
},
{
"name": "ADV-2011-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0915"
},
{
"name": "ADV-2011-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0965"
},
{
"name": "37623",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37623/"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "44180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44180"
},
{
"name": "DSA-2217",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2217"
},
{
"name": "USN-1108-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1108-1"
},
{
"name": "DSA-2216",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2216"
},
{
"name": "FEDORA-2011-4897",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
},
{
"name": "RHSA-2011:0428",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
},
{
"name": "44089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47176"
},
{
"name": "ADV-2011-0886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0886"
},
{
"name": "44103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44103"
},
{
"name": "RHSA-2011:0840",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
},
{
"name": "44037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
},
{
"name": "ADV-2011-0926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0926"
},
{
"name": "HPSBMU02752",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"name": "44127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44127"
},
{
"name": "MDVSA-2011:073",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
},
{
"name": "SSRT100802",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"name": "ADV-2011-0909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0909"
},
{
"name": "oval:org.mitre.oval:def:12812",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
},
{
"name": "71493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71493"
},
{
"name": "44090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44090"
},
{
"name": "44048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44048"
},
{
"name": "FEDORA-2011-4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
},
{
"name": "iscdhcp-dhclient-command-execution(66580)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
},
{
"name": "ADV-2011-0879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0879"
},
{
"name": "VU#107886",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/107886"
},
{
"name": "1025300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025300"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "SSA:2011-097-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
},
{
"name": "ADV-2011-1000",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1000"
},
{
"name": "ADV-2011-0915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0915"
},
{
"name": "ADV-2011-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0965"
},
{
"name": "37623",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37623/"
},
{
"name": "GLSA-201301-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "44180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44180"
},
{
"name": "DSA-2217",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2217"
},
{
"name": "USN-1108-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1108-1"
},
{
"name": "DSA-2216",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2216"
},
{
"name": "FEDORA-2011-4897",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
},
{
"name": "RHSA-2011:0428",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
},
{
"name": "44089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47176"
},
{
"name": "ADV-2011-0886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0886"
},
{
"name": "44103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44103"
},
{
"name": "RHSA-2011:0840",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
},
{
"name": "44037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44037"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=689832",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
},
{
"name": "ADV-2011-0926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0926"
},
{
"name": "HPSBMU02752",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"name": "44127",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44127"
},
{
"name": "MDVSA-2011:073",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
},
{
"name": "SSRT100802",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"name": "ADV-2011-0909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0909"
},
{
"name": "oval:org.mitre.oval:def:12812",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
},
{
"name": "71493",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71493"
},
{
"name": "44090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44090"
},
{
"name": "44048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44048"
},
{
"name": "FEDORA-2011-4934",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
},
{
"name": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997",
"refsource": "CONFIRM",
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
},
{
"name": "iscdhcp-dhclient-command-execution(66580)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
},
{
"name": "ADV-2011-0879",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0879"
},
{
"name": "VU#107886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/107886"
},
{
"name": "1025300",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025300"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"name": "SSA:2011-097-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
},
{
"name": "ADV-2011-1000",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1000"
},
{
"name": "ADV-2011-0915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0915"
},
{
"name": "ADV-2011-0965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0965"
},
{
"name": "37623",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37623/"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"name": "44180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44180"
},
{
"name": "DSA-2217",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2217"
},
{
"name": "USN-1108-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1108-1"
},
{
"name": "DSA-2216",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2216"
},
{
"name": "FEDORA-2011-4897",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
},
{
"name": "RHSA-2011:0428",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
},
{
"name": "44089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0997",
"datePublished": "2011-04-08T15:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0413
Vulnerability from cvelistv5
Published
2011-01-31 20:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:09.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0266"
},
{
"name": "43006",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43006"
},
{
"name": "ADV-2011-0235",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0235"
},
{
"name": "43354",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43354"
},
{
"name": "dhcp-dhcpv6-dos(64959)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959"
},
{
"name": "70680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70680"
},
{
"name": "43104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43104"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-00456"
},
{
"name": "MDVSA-2011:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022"
},
{
"name": "ADV-2011-0583",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0583"
},
{
"name": "ADV-2011-0300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0300"
},
{
"name": "43613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43613"
},
{
"name": "1024999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024999"
},
{
"name": "43167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43167"
},
{
"name": "RHSA-2011:0256",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html"
},
{
"name": "46035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46035"
},
{
"name": "FEDORA-2011-0862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413"
},
{
"name": "ADV-2011-0400",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0400"
},
{
"name": "DSA-2184",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2184"
},
{
"name": "VU#686084",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/686084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2011-0266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0266"
},
{
"name": "43006",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43006"
},
{
"name": "ADV-2011-0235",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0235"
},
{
"name": "43354",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43354"
},
{
"name": "dhcp-dhcpv6-dos(64959)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959"
},
{
"name": "70680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70680"
},
{
"name": "43104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43104"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-00456"
},
{
"name": "MDVSA-2011:022",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022"
},
{
"name": "ADV-2011-0583",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0583"
},
{
"name": "ADV-2011-0300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0300"
},
{
"name": "43613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43613"
},
{
"name": "1024999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024999"
},
{
"name": "43167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43167"
},
{
"name": "RHSA-2011:0256",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html"
},
{
"name": "46035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46035"
},
{
"name": "FEDORA-2011-0862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413"
},
{
"name": "ADV-2011-0400",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0400"
},
{
"name": "DSA-2184",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2184"
},
{
"name": "VU#686084",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/686084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0266"
},
{
"name": "43006",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43006"
},
{
"name": "ADV-2011-0235",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0235"
},
{
"name": "43354",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43354"
},
{
"name": "dhcp-dhcpv6-dos(64959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959"
},
{
"name": "70680",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70680"
},
{
"name": "43104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43104"
},
{
"name": "https://kb.isc.org/article/AA-00456",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00456"
},
{
"name": "MDVSA-2011:022",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022"
},
{
"name": "ADV-2011-0583",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0583"
},
{
"name": "ADV-2011-0300",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0300"
},
{
"name": "43613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43613"
},
{
"name": "1024999",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024999"
},
{
"name": "43167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43167"
},
{
"name": "RHSA-2011:0256",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html"
},
{
"name": "46035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46035"
},
{
"name": "FEDORA-2011-0862",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html"
},
{
"name": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413"
},
{
"name": "ADV-2011-0400",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0400"
},
{
"name": "DSA-2184",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2184"
},
{
"name": "VU#686084",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/686084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0413",
"datePublished": "2011-01-31T20:00:00",
"dateReserved": "2011-01-11T00:00:00",
"dateUpdated": "2024-08-06T21:51:09.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200408-0175
Vulnerability from variot
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a buffer overflow vulnerability. As a result, you may gain administrative privileges on vulnerable systems. On systems which lack the vsnprintf() library call, ISC DHCPD defines vsnprintf as:
define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
This definition discards the size argument to the function, potentially allowing any occurrence of vsnprintf() to be exploitable, by overflowing whatever intended buffer is passed to the library call. Other locations in DHCPD utilizing this function may be exploitable. This issue is reported to affect ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13. ISC DHCP calls vsnprintf() to write format log file strings.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: XEROX WorkCentre Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA23265
VERIFY ADVISORY: http://secunia.com/advisories/23265/
CRITICAL: Moderately critical
IMPACT: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access
WHERE:
From local network
OPERATING SYSTEM: Xerox WorkCentre http://secunia.com/product/4746/ Xerox WorkCentre Pro http://secunia.com/product/4553/
DESCRIPTION: Some vulnerabilities and weaknesses have been reported in various XEROX WorkCentre products, which can be exploited by malicious people to bypass certain security restrictions, expose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Input passed to the TCP/IP hostname, the Scan-to-mailbox folder name field, and to the Microsoft Network configuration parameters in the Web User interface is not properly sanitised.
2) Certain browser settings may allow unauthorized access. Additionally, an unspecified vulnerability in the Web User Interface can be exploited to bypass the authentication.
3) The TFTP/BOOTP auto configuration can be exploited to manipulate certain configuration settings.
4) An unspecified error within the handling of email signatures can be exploited to display improper items.
5) Requests to web services can be made through HTTP instead of HTTPS. Other unspecified HTTP security issues and a httpd.conf misconfiguration are also reported.
6) An error within the Scan-to-mailbox feature can be exploited to anonymously download secure files. Additionally, it is possible to anonymously download audit log files.
7) The system fails to keep accurate time resulting in incorrect time stamps in audit logs.
8) The embedded Samba version contains various vulnerabilities. Additionally, the SMB "Homes" share is visible and it's possible to browse the file system via SMB.
9) The SNMP agent does not return errors for non-writable objects. Additionally, authentication failure traps can't be enabled or generated.
10) An error within ops3-dmn can be exploited to crash the service and cause a DoS by attaching a PS script.
11) It is possible to bypass the security restriction and boot Alchemy by e.g. using an USB thumb drive.
12) The "Validate Repository SSL Certificate" scan feature does not verify the FQDN.
13) Certain problems with the Immediate Image Overwrite and On Demand Image Overwrite, a Postgress port block, and a http TRACE XSS attack in the network controller are reported.
14) Two boundary errors within the embedded DHCP implementation can be exploited to cause a buffer overflow, which may allow execution of arbitrary code.
SOLUTION: Apply updated software (see vendor advisories for detailed instructions).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Xerox: http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Technical Cyber Security Alert TA04-174A
Multiple Vulnerabilities in ISC DHCP 3
Original release date: June 22, 2004 Last revised: -- Source: US-CERT
Systems Affected
* ISC DHCP versions 3.0.1rc12 and 3.0.1rc13
Overview
Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a denial of the DHCP service on a vulnerable system. It may be possible to exploit these vulnerabilities to execute arbitrary code on the system.
I.
VU#317350 discusses a buffer overflow vulnerability in the temporary storage of log lines. In transactions, ISC DHCPD logs every DHCP packet along with several pieces of descriptive information. The client's DISCOVER and the resulting OFFER, REQUEST, ACK, and NAKs are all logged. In all of these messages, if the client supplied a hostname, then it is also included in the logged line. As part of the DHCP datagram format, a client may specify multiple hostname options, up to 255 bytes per option. These options are concatenated by the server. If the hostname and options contain only ASCII characters, then the string will pass non-ASCII character filters and be temporarily stored in 1024 byte fixed-length buffers on the stack. If a client supplies enough hostname options, it is possible to overflow the fixed-length buffer.
VU#654390 discusses C include files for systems that do not support the bounds checking vsnprintf() function. These files define the bounds checking vsnprintf() to the non-bounds checking vsprintf() function. Since vsprintf() is a function that does not check bounds, the size is discarded, creating the potential for a buffer overflow when client data is supplied. Note that the vsnprintf() statements are defined after the vulnerable code that is discussed in VU#317350. Since the preconditions for this vulnerability are similar to those required to exploit VU#317350, these buffer overflow conditions occur sequentially in the code after the buffer overflow vulnerability discussed in VU#317350, and these issues were discovered and resolved at the same time, there is no known exploit path to exploit these buffer overflow conditions caused by VU#654390. Note that VU#654390 was discovered and exploitable once VU#317350 was resolved.
For both of the vulnerabilities, only ISC DHCP 3.0.1rc12 and ISC DHCP 3.0.1rc13 are believed to be vulnerable. VU#317350 is exploitable for all operating systems and configurations. VU#654390 is only defined for the following operating systems:
* AIX
* AlphaOS
* Cygwin32
* HP-UX
* Irix
* Linux
* NextStep
* SCO
* SunOS 4
* SunOS 5.5
* Ultrix
All versions of ISC DCHP 3, including all snapshots, betas, and release candidates, contain the flawed code.
US-CERT is tracking these issues as VU#317350, which has been assigned CVE CAN-2004-0460, and VU#654390, which has been assigned CVE CAN-2004-0461.
II.
III. Solution
Apply patches or upgrade
These issues have been resolved in ISC DHCP 3.0.1rc14. Your vendor may provide specific patches or updates. For vendor-specific information, please see your vendor's site, or look for your vendor infomation in VU#317350 and VU#654390. As vendors report new information to US-CERT, we will update the vulnerability notes.
Appendix B. References
* http://www.isc.org/sw/dhcp/
* http://www.kb.cert.org/vuls/id/317350
* http://www.kb.cert.org/vuls/id/654390
US-CERT thanks Gregory Duchemin and Solar Designer for discovering, reporting, and resolving this vulnerability. Thanks also to David Hankins of ISC for notifying us of this vulnerability and the technical information provided to create this document.
Feedback can be directed to the author: Jason A. Rafail
The latest version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA04-174A.html>
Copyright 2004 Carnegie Mellon University.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
June 22, 2004: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFA2HFSXlvNRxAkFWARArH4AKDtUECQTE5HXmvsDQkwcWn9r7uAowCdGTHq AqWt3CgdEPJcIFDbJlIWQHo= =HSxN -----END PGP SIGNATURE----- . Hi, for those interested to reproduce the recent DOS attacks against ISC DHCPD 3.0.1 rc12 and rc13 as described in: http://www.kb.cert.org/vuls/id/317350 , i'm forwarding the first email i sent to ISC describing several stack based buffer overflows occuring during the creation of log messages and triggered by sending several DHCP HOSTNAME options within a single request. This mail also includes a trace of such DHCP REQUEST.
Other .bss overflows related to vsnprintf and identified later during our investigations as described in: http://www.kb.cert.org/vuls/id/654390 can be triggered the exact same way. Note that the home made tool i am referencing in this email will be made available very soon and already includes ISC, INFOBLOX and DLINK dhcp vulnerabilities I will drop a note here when it is finally released. cheers, Gregory
Special thanks to Solar Designer and David W.Hankins (ISC)
--- Original email ------
Summary:
i have discovered several stack based overflow in your dhcp-3.0.1rc12 and rc13 (may be others, have not checked) these vulnerabilities can be easily triggered by crafting a dhcp discover or request packet which carries several hostname dhcp options that ,once reassembled by the daemon (as explained in rfc 3396), overflow a stack based variable causing the daemon to crash. I believe than one might execute code remotely on the server with the same user account dhcpd is running with, root in most cases. I have been able at some points during the tests, to control eip' 4 bytes (intel 32bits arch), it was during the ddns forward update operation. Note that all tests have been made on a linux 2.4.20-24.9 using a home made tool to generate custom dhcp traffic
Now an example:
see dhcpd.conf in attachment if you need it.
structure of an offending packet (case of a dhcp request based attack)
DHCP request from 0.0.0.0:68 (ff:ff:ff:ff:ff:ff) to 255.255.255.255:67 (ff:ff:ff:ff:ff:ff)
op : BOOT REQUEST (1) htype : Ethernet (10Mb) (1) hlen : 6 hops : 0 xid : 0x00000000 secs : 1 flags : UNICAST (0x0000) ciaddr : 0.0.0.0 yiaddr : 0.0.0.0 siaddr : 255.255.255.255 giaddr : 0.0.0.0 chaddr : ff:ff:ff:ff:ff:ff sname : file : cookie : 0x63825363 (RFC 1497/2132, BOOTP Vendor informations/DHCP options) DHCP option (053 [0x35]) : MESSAGE_TYPE : REQUEST BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA BOOTP option (012 [0x0c]) : HOSTNAME : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA DHCP option (050 [0x32]) : REQUEST_IP : 192.168.0.99
sending this packet to the ptraced daemon (within gdb) gives:
(gdb) run -f -d The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /usr/sbin/dhcpd -f -d Internet Software Consortium DHCP Server V3.0.1rc13 Copyright 1995-2003 Internet Software Consortium. All rights reserved. For info, please visit http://www.isc.org/products/DHCP Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 0 leases to leases file. Listening on LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24 Sending on LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24 Sending on Socket/fallback/fallback-net Unable to add forward map from bobAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-1022AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8 860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-284AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1. 92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE2008071205P+0A.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X 1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE2008071205P+0A.zob.com.0X1.
Program received signal SIGSEGV, Segmentation fault. 0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50, name=0x8149dac "\001\xff\xff\xff\xff\xff\xff", len=7, file=0x80bbe25 "mdb.c", line=1662) at hash.c:363 363 hashno = (*table -> do_hash) (name, len, table -> hash_count); (gdb)
backtracing stack show:
(gdb) bt
0 0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50,
name=0x8149dac "\001\xff\xff\xff\xff\xff\xff", len=7, file=0x80bbe25 "mdb.c", line=1662) at hash.c:363
1 0x0806fb0a in lease_hash_lookup (ptr=0xbfffde24, table=0x38322d50,
buf=0x8149dac "\001\xff\xff\xff\xff\xff\xff", len=7, file=0x80bbe25 "mdb.c", line=1662) at mdb.c:2055
2 0x0806eb5b in find_lease_by_hw_addr (lp=0xbfffde24, hwaddr=0x8149dac
"\001\xff\xff\xff\xff\xff\xff", hwlen=7, file=0x80bbe25 "mdb.c", line=1662) at mdb.c:1574
3 0x0806ee5f in hw_hash_add (lease=0x8149d30) at mdb.c:1661
4 0x0806d959 in supersede_lease (comp=0x8149d30, lease=0x811def8,
commit=1, propogate=1, pimmediate=1) at mdb.c:969
5 0x08050cb9 in ack_lease (packet=0x811d6e0, lease=0x8149d30, offer=5,
when=0, msg=0xbfffdfd0 "DHCPREQUEST for 192.168.0.99 from ff:ff:ff:ff:ff:ff via eth0", ms_nulltp=0) at dhcp.c:2227
6 0x0804d041 in dhcprequest (packet=0x811d6e0, ms_nulltp=0,
ip_lease=0x0) at dhcp.c:662
7 0x0804c37d in dhcp (packet=0x811d6e0) at dhcp.c:224
8 0x08088d9a in do_packet (interface=0x811d568, packet=0xbfffe580,
len=1430, from_port=17408, from=
{len = 4, iabuf = '\0'
9 0x08096718 in got_one (h=0x811d568) at discover.c:785
10 0x080a937e in omapi_one_dispatch (wo=0x0, t=0x0) at dispatch.c:418
11 0x0807cce3 in dispatch () at dispatch.c:103
12 0x0804add1 in main (argc=3, argv=0xbffff904, envp=0xbffff914) at
dhcpd.c:614
13 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
(gdb)
Note that the daemon may actually crash at a different location depending of the first corrupted structure it meets and therefore, of the size of the malicious option sent, along with the context (type of packet, leases in use etc...)
Problems in the source: I have spent quite some time to find out where the overflow actually takes its roots, here are my findings:
file server/dhcp.c: function dhcprequest :
char msgbuf [1024]; /* XXX */
char *s;
....
if (lease && lease -> client_hostname && db_printable (lease -> client_hostname)) s = lease -> client_hostname; else s = (char *)0;
......
sprintf (msgbuf, "DHCPREQUEST for %s%s from %s %s%s%svia %s",
piaddr (cip), smbuf,
(packet -> raw -> htype
? print_hw_addr (packet -> raw -> htype,
packet -> raw -> hlen,
packet -> raw -> chaddr)
: (lease
? print_hex_1 (lease -> uid_len, lease -> uid,
lease -> uid_len)
: "
To summarize, s is referencing the reassembled hostname option passed to the daemon, afterwhat it is used as is in sprintf and stored in msgbuf (fixed size) without any length checking. local msgbuf can obviously be overrun, corrupting various structures in stack and eventually causing the server to crash Note that the call to db_printable( ), filtering hostname, may render the task harder to root a server but likely not impossible. Also being able to corrupt structures like lease or oc may have interesting side effects from an attacker perspective.
void dhcprequest (packet, ms_nulltp, ip_lease) struct packet packet; int ms_nulltp; struct lease ip_lease; { struct lease lease; struct iaddr cip; struct iaddr sip; struct subnet subnet; int ours = 0; struct option_cache oc; struct data_string data; int status; char msgbuf [1024]; / XXX / char s; char smbuf [19];
....
the very same problem is present in dhcpdiscover( ), dhcpdecline( ),
dhcprequest( ) , dhcprelease( ), ...
please look at the diff in unified format, attached to this email, for a
detailed list
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "fedora",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "infoblox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "suse",
"version": null
},
{
"model": "fedora core",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "core_2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "8.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "7"
},
{
"model": "linux firewall cd",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "9.1"
},
{
"model": "dns one appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "infoblox",
"version": "2.4.0.8a"
},
{
"model": "linux database server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "*"
},
{
"model": "linux connectivity server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "*"
},
{
"model": "dhcpd",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dns one appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "infoblox",
"version": "2.4.0.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "8"
},
{
"model": "linux office server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "*"
},
{
"model": "mandrake linux",
"scope": "eq",
"trust": 1.0,
"vendor": "mandrakesoft",
"version": "9.1"
},
{
"model": "mandrake linux",
"scope": "eq",
"trust": 1.0,
"vendor": "mandrakesoft",
"version": "9.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "9.0"
},
{
"model": "linux admin-cd for firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "*"
},
{
"model": "email server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "iii"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "8.2"
},
{
"model": "mandrake linux",
"scope": "eq",
"trust": 1.0,
"vendor": "mandrakesoft",
"version": "9.0"
},
{
"model": "mandrake linux",
"scope": "eq",
"trust": 1.0,
"vendor": "mandrakesoft",
"version": "10.0"
},
{
"model": "dns one appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "infoblox",
"version": "2.3.1_r5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "isc",
"version": null
},
{
"model": "dhcp",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "3.0.1rc12"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "3.0.1rc13"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "7"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "suse email server iii",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "linux office server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux firewall on cd",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux database server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "linux connectivity server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux admin-cd for firewall",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "linux mandrake amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.0"
},
{
"model": "linux mandrake amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.2"
},
{
"model": "linux mandrake ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.0"
},
{
"model": "dhcpd rc13",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dhcpd rc12",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dns one appliance .0-8a",
"scope": "eq",
"trust": 0.3,
"vendor": "infoblox",
"version": "2.4"
},
{
"model": "dns one appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "infoblox",
"version": "2.4.0-8"
},
{
"model": "dns one appliance -r5",
"scope": "eq",
"trust": 0.3,
"vendor": "infoblox",
"version": "2.3.1"
},
{
"model": "dhcpd rc14",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#317350"
},
{
"db": "CERT/CC",
"id": "VU#654390"
},
{
"db": "BID",
"id": "10591"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:infoblox:dns_one_appliance:2.3.1_r5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:suse:suse_email_server:iii:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcpd:3.0.1:rc12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcpd:3.0.1:rc13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0461"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gregory Duchemin\u203b c3rb3r@hotmail.com\u203bSolar Designer\u203b solar@openwall.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0461",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2004-0461",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-8891",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0461",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#317350",
"trust": 0.8,
"value": "25.52"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#654390",
"trust": 0.8,
"value": "14.21"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-117",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-8891",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#317350"
},
{
"db": "CERT/CC",
"id": "VU#654390"
},
{
"db": "VULHUB",
"id": "VHN-8891"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. The Internet Systems Consortium\u0027s (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a buffer overflow vulnerability. As a result, you may gain administrative privileges on vulnerable systems. \nOn systems which lack the vsnprintf() library call, ISC DHCPD defines vsnprintf as:\n#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)\nThis definition discards the size argument to the function, potentially allowing any occurrence of vsnprintf() to be exploitable, by overflowing whatever intended buffer is passed to the library call. \nOther locations in DHCPD utilizing this function may be exploitable. \nThis issue is reported to affect ISC DHCPD versions 3.0.1rc12 and 3.0.1rc13. ISC DHCP calls vsnprintf() to write format log file strings. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nXEROX WorkCentre Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA23265\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23265/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Manipulation of data, Exposure of system\ninformation, Exposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nXerox WorkCentre\nhttp://secunia.com/product/4746/\nXerox WorkCentre Pro\nhttp://secunia.com/product/4553/\n\nDESCRIPTION:\nSome vulnerabilities and weaknesses have been reported in various\nXEROX WorkCentre products, which can be exploited by malicious people\nto bypass certain security restrictions, expose certain sensitive\ninformation, cause a DoS (Denial of Service), and compromise a\nvulnerable system. \n\n1) Input passed to the TCP/IP hostname, the Scan-to-mailbox folder\nname field, and to the Microsoft Network configuration parameters in\nthe Web User interface is not properly sanitised. \n\n2) Certain browser settings may allow unauthorized access. \nAdditionally, an unspecified vulnerability in the Web User Interface\ncan be exploited to bypass the authentication. \n\n3) The TFTP/BOOTP auto configuration can be exploited to manipulate\ncertain configuration settings. \n\n4) An unspecified error within the handling of email signatures can\nbe exploited to display improper items. \n\n5) Requests to web services can be made through HTTP instead of\nHTTPS. Other unspecified HTTP security issues and a httpd.conf\nmisconfiguration are also reported. \n\n6) An error within the Scan-to-mailbox feature can be exploited to\nanonymously download secure files. Additionally, it is possible to\nanonymously download audit log files. \n\n7) The system fails to keep accurate time resulting in incorrect time\nstamps in audit logs. \n\n8) The embedded Samba version contains various vulnerabilities. \nAdditionally, the SMB \"Homes\" share is visible and it\u0027s possible to\nbrowse the file system via SMB. \n\n9) The SNMP agent does not return errors for non-writable objects. \nAdditionally, authentication failure traps can\u0027t be enabled or\ngenerated. \n\n10) An error within ops3-dmn can be exploited to crash the service\nand cause a DoS by attaching a PS script. \n\n11) It is possible to bypass the security restriction and boot\nAlchemy by e.g. using an USB thumb drive. \n\n12) The \"Validate Repository SSL Certificate\" scan feature does not\nverify the FQDN. \n\n13) Certain problems with the Immediate Image Overwrite and On Demand\nImage Overwrite, a Postgress port block, and a http TRACE XSS attack\nin the network controller are reported. \n\n14) Two boundary errors within the embedded DHCP implementation can\nbe exploited to cause a buffer overflow, which may allow execution of\narbitrary code. \n\nSOLUTION:\nApply updated software (see vendor advisories for detailed\ninstructions). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nXerox:\nhttp://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf\nhttp://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n Technical Cyber Security Alert TA04-174A\n Multiple Vulnerabilities in ISC DHCP 3\n\n Original release date: June 22, 2004\n Last revised: --\n Source: US-CERT\n\nSystems Affected\n\n * ISC DHCP versions 3.0.1rc12 and 3.0.1rc13\n\nOverview\n\n Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a\n denial of the DHCP service on a vulnerable system. It may be possible\n to exploit these vulnerabilities to execute arbitrary code on the\n system. \n\nI. \n\n VU#317350 discusses a buffer overflow vulnerability in the temporary\n storage of log lines. In transactions, ISC DHCPD logs every DHCP\n packet along with several pieces of descriptive information. The\n client\u0027s DISCOVER and the resulting OFFER, REQUEST, ACK, and NAKs are\n all logged. In all of these messages, if the client supplied a\n hostname, then it is also included in the logged line. As part of the\n DHCP datagram format, a client may specify multiple hostname options,\n up to 255 bytes per option. These options are concatenated by the\n server. If the hostname and options contain only ASCII characters,\n then the string will pass non-ASCII character filters and be\n temporarily stored in 1024 byte fixed-length buffers on the stack. If\n a client supplies enough hostname options, it is possible to overflow\n the fixed-length buffer. \n\n VU#654390 discusses C include files for systems that do not support\n the bounds checking vsnprintf() function. These files define the\n bounds checking vsnprintf() to the non-bounds checking vsprintf()\n function. Since vsprintf() is a function that does not check bounds,\n the size is discarded, creating the potential for a buffer overflow\n when client data is supplied. Note that the vsnprintf() statements are\n defined after the vulnerable code that is discussed in VU#317350. \n Since the preconditions for this vulnerability are similar to those\n required to exploit VU#317350, these buffer overflow conditions occur\n sequentially in the code after the buffer overflow vulnerability\n discussed in VU#317350, and these issues were discovered and resolved\n at the same time, there is no known exploit path to exploit these\n buffer overflow conditions caused by VU#654390. Note that VU#654390\n was discovered and exploitable once VU#317350 was resolved. \n\n For both of the vulnerabilities, only ISC DHCP 3.0.1rc12 and ISC DHCP\n 3.0.1rc13 are believed to be vulnerable. VU#317350 is exploitable for\n all operating systems and configurations. VU#654390 is only defined\n for the following operating systems:\n\n * AIX\n * AlphaOS\n * Cygwin32\n * HP-UX\n * Irix\n * Linux\n * NextStep\n * SCO\n * SunOS 4\n * SunOS 5.5\n * Ultrix\n\n All versions of ISC DCHP 3, including all snapshots, betas, and\n release candidates, contain the flawed code. \n\n US-CERT is tracking these issues as VU#317350, which has been assigned\n CVE CAN-2004-0460, and VU#654390, which has been assigned CVE\n CAN-2004-0461. \n\nII. \n\nIII. Solution\n\n Apply patches or upgrade\n\n These issues have been resolved in ISC DHCP 3.0.1rc14. Your vendor may\n provide specific patches or updates. For vendor-specific information,\n please see your vendor\u0027s site, or look for your vendor infomation in\n VU#317350 and VU#654390. As vendors report new information to US-CERT,\n we will update the vulnerability notes. \n\nAppendix B. References\n\n * http://www.isc.org/sw/dhcp/\n * http://www.kb.cert.org/vuls/id/317350\n * http://www.kb.cert.org/vuls/id/654390\n _________________________________________________________________\n\n US-CERT thanks Gregory Duchemin and Solar Designer for discovering,\n reporting, and resolving this vulnerability. Thanks also to David\n Hankins of ISC for notifying us of this vulnerability and the\n technical information provided to create this document. \n _________________________________________________________________\n\n Feedback can be directed to the author: Jason A. Rafail\n _________________________________________________________________\n\n The latest version of this document can be found at:\n \n \u003chttp://www.us-cert.gov/cas/techalerts/TA04-174A.html\u003e\n _________________________________________________________________\n \n Copyright 2004 Carnegie Mellon University. \n \n Terms of use:\n \n \u003chttp://www.us-cert.gov/legal.html\u003e\n \n _________________________________________________________________\n\n Revision History\n\n June 22, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niD8DBQFA2HFSXlvNRxAkFWARArH4AKDtUECQTE5HXmvsDQkwcWn9r7uAowCdGTHq\nAqWt3CgdEPJcIFDbJlIWQHo=\n=HSxN\n-----END PGP SIGNATURE-----\n. Hi,\nfor those interested to reproduce the recent DOS attacks against ISC \nDHCPD 3.0.1 rc12 and rc13\nas described in:\nhttp://www.kb.cert.org/vuls/id/317350\n, i\u0027m forwarding the first email i sent to ISC describing several stack \nbased buffer overflows occuring during the creation\nof log messages and triggered by sending several DHCP HOSTNAME options \nwithin a single request. \nThis mail also includes a trace of such DHCP REQUEST. \n\nOther .bss overflows related to vsnprintf and identified later during \nour investigations as described in:\nhttp://www.kb.cert.org/vuls/id/654390\ncan be triggered the exact same way. \nNote that the home made tool i am referencing in this email will be made \navailable very soon and already includes ISC, INFOBLOX and DLINK dhcp \nvulnerabilities\nI will drop a note here when it is finally released. \ncheers,\nGregory\n\nSpecial thanks to Solar Designer and David W.Hankins (ISC)\n\n\n--- Original email ------\n\nSummary:\n\ni have discovered several stack based overflow in your dhcp-3.0.1rc12 \nand rc13 (may be others, have not checked)\nthese vulnerabilities can be easily triggered by crafting a dhcp \ndiscover or request packet which carries several hostname dhcp options that\n,once reassembled by the daemon (as explained in rfc 3396), overflow a \nstack based variable causing the daemon to crash. \nI believe than one might execute code remotely on the server with the \nsame user account dhcpd is running with, root in most cases. \nI have been able at some points during the tests, to control eip\u0027 4 \nbytes (intel 32bits arch), it was during the ddns forward update operation. \nNote that all tests have been made on a linux 2.4.20-24.9 using a home \nmade tool to generate custom dhcp traffic\n\nNow an example:\n\nsee dhcpd.conf in attachment if you need it. \n\nstructure of an offending packet (case of a dhcp request based attack)\n\n \u003e\u003e DHCP request\n \u003e\u003e from 0.0.0.0:68 (ff:ff:ff:ff:ff:ff) to 255.255.255.255:67 \n(ff:ff:ff:ff:ff:ff)\n\n \u003e\u003e op : BOOT REQUEST (1)\n \u003e\u003e htype : Ethernet (10Mb) (1)\n \u003e\u003e hlen : 6\n \u003e\u003e hops : 0\n \u003e\u003e xid : 0x00000000\n \u003e\u003e secs : 1\n \u003e\u003e flags : UNICAST (0x0000)\n \u003e\u003e ciaddr : 0.0.0.0\n \u003e\u003e yiaddr : 0.0.0.0\n \u003e\u003e siaddr : 255.255.255.255\n \u003e\u003e giaddr : 0.0.0.0\n \u003e\u003e chaddr : ff:ff:ff:ff:ff:ff\n \u003e\u003e sname :\n \u003e\u003e file :\n \u003e\u003e cookie : 0x63825363 (RFC 1497/2132, BOOTP Vendor informations/DHCP \noptions)\n \u003e\u003e DHCP option (053 [0x35]) : MESSAGE_TYPE : REQUEST\n \u003e\u003e BOOTP option (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e BOOTP option (012 [0x0c]) : HOSTNAME : \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n \u003e\u003e DHCP option (050 [0x32]) : REQUEST_IP : 192.168.0.99\n \nsending this packet to the ptraced daemon (within gdb) gives:\n\n(gdb) run -f -d\nThe program being debugged has been started already. \nStart it from the beginning? (y or n) y\nStarting program: /usr/sbin/dhcpd -f -d\nInternet Software Consortium DHCP Server V3.0.1rc13\nCopyright 1995-2003 Internet Software Consortium. \nAll rights reserved. \nFor info, please visit http://www.isc.org/products/DHCP\nWrote 0 deleted host decls to leases file. \nWrote 0 new dynamic host decls to leases file. \nWrote 0 leases to leases file. \nListening on LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24\nSending on LPF/eth0/00:0d:88:b5:95:0c/192.168.0.0/24\nSending on Socket/fallback/fallback-net\nUnable to add forward map from \nbobAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-1022AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8 \n860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-284AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1. \n92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE2008071205P+0A.zob.com.0X1.D8860BFFFDD5P-895NAN0X0.0000080FFFFFFP-10220X1.1E46000000003P-8940X1.23931P-2840X1.92E302E383631P-108NAN0X1.1E4600811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0X1.1DEF80811E4FP-894AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X \n1.FDE880811DEF8P+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-0X1.FDE2008071205P+0A.zob.com.0X1. \n\nProgram received signal SIGSEGV, Segmentation fault. \n0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50, \nname=0x8149dac \"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", len=7, file=0x80bbe25 \"mdb.c\", line=1662)\n at hash.c:363\n363 hashno = (*table -\u003e do_hash) (name, len, table -\u003e \nhash_count);\n(gdb)\n \n\nbacktracing stack show:\n\n(gdb) bt\n#0 0x080add76 in hash_lookup (vp=0xbfffde24, table=0x38322d50, \nname=0x8149dac \"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", len=7, file=0x80bbe25 \"mdb.c\", line=1662)\n at hash.c:363\n#1 0x0806fb0a in lease_hash_lookup (ptr=0xbfffde24, table=0x38322d50, \nbuf=0x8149dac \"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", len=7, file=0x80bbe25 \"mdb.c\", line=1662)\n at mdb.c:2055\n#2 0x0806eb5b in find_lease_by_hw_addr (lp=0xbfffde24, hwaddr=0x8149dac \n\"\\001\\xff\\xff\\xff\\xff\\xff\\xff\", hwlen=7, file=0x80bbe25 \"mdb.c\", line=1662)\n at mdb.c:1574\n#3 0x0806ee5f in hw_hash_add (lease=0x8149d30) at mdb.c:1661\n#4 0x0806d959 in supersede_lease (comp=0x8149d30, lease=0x811def8, \ncommit=1, propogate=1, pimmediate=1) at mdb.c:969\n#5 0x08050cb9 in ack_lease (packet=0x811d6e0, lease=0x8149d30, offer=5, \nwhen=0,\n msg=0xbfffdfd0 \"DHCPREQUEST for 192.168.0.99 from ff:ff:ff:ff:ff:ff \nvia eth0\", ms_nulltp=0) at dhcp.c:2227\n#6 0x0804d041 in dhcprequest (packet=0x811d6e0, ms_nulltp=0, \nip_lease=0x0) at dhcp.c:662\n#7 0x0804c37d in dhcp (packet=0x811d6e0) at dhcp.c:224\n#8 0x08088d9a in do_packet (interface=0x811d568, packet=0xbfffe580, \nlen=1430, from_port=17408, from=\n {len = 4, iabuf = \u0027\\0\u0027 \u003crepeats 15 times\u003e}, hfrom=0xbffff5b0) at \noptions.c:2237\n#9 0x08096718 in got_one (h=0x811d568) at discover.c:785\n#10 0x080a937e in omapi_one_dispatch (wo=0x0, t=0x0) at dispatch.c:418\n#11 0x0807cce3 in dispatch () at dispatch.c:103\n#12 0x0804add1 in main (argc=3, argv=0xbffff904, envp=0xbffff914) at \ndhcpd.c:614\n#13 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6\n(gdb)\n\nNote that the daemon may actually crash at a different location \ndepending of the first corrupted structure it meets and therefore,\nof the size of the malicious option sent, along with the context (type \nof packet, leases in use etc...)\n\n\nProblems in the source:\nI have spent quite some time to find out where the overflow actually \ntakes its roots, here are my findings:\n\nfile server/dhcp.c:\nfunction dhcprequest :\n\n char msgbuf [1024]; /* XXX */\n char *s;\n\n.... \n\n if (lease \u0026\u0026 lease -\u003e client_hostname \u0026\u0026\n db_printable (lease -\u003e client_hostname))\n s = lease -\u003e client_hostname;\n else\n s = (char *)0;\n\n\n...... \n\n sprintf (msgbuf, \"DHCPREQUEST for %s%s from %s %s%s%svia %s\",\n piaddr (cip), smbuf,\n (packet -\u003e raw -\u003e htype\n ? print_hw_addr (packet -\u003e raw -\u003e htype,\n packet -\u003e raw -\u003e hlen,\n packet -\u003e raw -\u003e chaddr)\n : (lease\n ? print_hex_1 (lease -\u003e uid_len, lease -\u003e uid,\n lease -\u003e uid_len)\n : \"\u003cno identifier\u003e\")),\n s ? \"(\" : \"\", s ? s : \"\", s ? \") \" : \"\",\n packet -\u003e raw -\u003e giaddr.s_addr\n ? inet_ntoa (packet -\u003e raw -\u003e giaddr)\n : packet -\u003e interface -\u003e name);\n\n\nTo summarize, s is referencing the reassembled hostname option passed to \nthe daemon, afterwhat it is used as is in sprintf and stored in msgbuf \n(fixed size) without any length checking. \nlocal msgbuf can obviously be overrun, corrupting various structures in \nstack and eventually causing the server to crash\nNote that the call to db_printable( ), filtering hostname, may render \nthe task harder to root a server but likely not impossible. \nAlso being able to corrupt structures like *lease or *oc may have \ninteresting side effects from an attacker perspective. \n\nvoid dhcprequest (packet, ms_nulltp, ip_lease)\n struct packet *packet;\n int ms_nulltp;\n struct lease *ip_lease;\n{\n struct lease *lease;\n struct iaddr cip;\n struct iaddr sip;\n struct subnet *subnet;\n int ours = 0;\n struct option_cache *oc;\n struct data_string data;\n int status;\n char msgbuf [1024]; /* XXX */\n char *s;\n char smbuf [19];\n\n.... \n\nthe very same problem is present in dhcpdiscover( ), dhcpdecline( ), \ndhcprequest( ) , dhcprelease( ), ... \nplease look at the diff in unified format, attached to this email, for a \ndetailed list",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"db": "CERT/CC",
"id": "VU#317350"
},
{
"db": "CERT/CC",
"id": "VU#654390"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"db": "BID",
"id": "10591"
},
{
"db": "VULHUB",
"id": "VHN-8891"
},
{
"db": "PACKETSTORM",
"id": "52810"
},
{
"db": "PACKETSTORM",
"id": "33622"
},
{
"db": "PACKETSTORM",
"id": "33664"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#654390",
"trust": 3.5
},
{
"db": "USCERT",
"id": "TA04-174A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2004-0461",
"trust": 2.8
},
{
"db": "BID",
"id": "10591",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#317350",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "23265",
"trust": 1.8
},
{
"db": "XF",
"id": "16476",
"trust": 1.4
},
{
"db": "XF",
"id": "16475",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000617",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117",
"trust": 0.7
},
{
"db": "SUSE",
"id": "SUSE-SA:2004:019",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040708 [OPENPKG-SA-2004.031] OPENPKG SECURITY ADVISORY (DHCPD)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040622 DHCP VULN // NO CODE 0DAY //",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040628 ISC DHCP OVERFLOWS",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA04-174A",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2004:061",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-8891",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52810",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33622",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33664",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#317350"
},
{
"db": "CERT/CC",
"id": "VU#654390"
},
{
"db": "VULHUB",
"id": "VHN-8891"
},
{
"db": "BID",
"id": "10591"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"db": "PACKETSTORM",
"id": "52810"
},
{
"db": "PACKETSTORM",
"id": "33622"
},
{
"db": "PACKETSTORM",
"id": "33664"
},
{
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
]
},
"id": "VAR-200408-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8891"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:32:30.726000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ISC Dynamic Host Configuration Protocol (DHCP)",
"trust": 0.8,
"url": "https://www.isc.org/sw/dhcp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000617"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0461"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-174a.html"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/654390"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/10591"
},
{
"trust": 1.8,
"url": "http://www.xerox.com/downloads/usa/en/c/cert_xrx06_004_v11.pdf"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:061"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23265"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html"
},
{
"trust": 1.6,
"url": "about vulnerability notes"
},
{
"trust": 1.6,
"url": "contact us about this vulnerability"
},
{
"trust": 1.6,
"url": "provide a vendor statement"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/16476"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16476"
},
{
"trust": 1.0,
"url": "http://www.kb.cert.org/vuls/id/317350"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108795911203342\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108843959502356\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108938625206063\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0461"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/16475"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-174a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-174a"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-0461"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108843959502356\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108938625206063\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108795911203342\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.mandrakesoft.com/security/advisories?name=mdksa-2004:061"
},
{
"trust": 0.3,
"url": "/archive/1/367286"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108795911203342\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108843959502356\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108938625206063\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.xerox.com/downloads/usa/en/c/cert_xrx06_006_v1b.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23265/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4746/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4553/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-174a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.isc.org/sw/dhcp/"
},
{
"trust": 0.1,
"url": "http://www.isc.org/products/dhcp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#317350"
},
{
"db": "CERT/CC",
"id": "VU#654390"
},
{
"db": "VULHUB",
"id": "VHN-8891"
},
{
"db": "BID",
"id": "10591"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"db": "PACKETSTORM",
"id": "52810"
},
{
"db": "PACKETSTORM",
"id": "33622"
},
{
"db": "PACKETSTORM",
"id": "33664"
},
{
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#317350"
},
{
"db": "CERT/CC",
"id": "VU#654390"
},
{
"db": "VULHUB",
"id": "VHN-8891"
},
{
"db": "BID",
"id": "10591"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"db": "PACKETSTORM",
"id": "52810"
},
{
"db": "PACKETSTORM",
"id": "33622"
},
{
"db": "PACKETSTORM",
"id": "33664"
},
{
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-06-22T00:00:00",
"db": "CERT/CC",
"id": "VU#317350"
},
{
"date": "2004-06-22T00:00:00",
"db": "CERT/CC",
"id": "VU#654390"
},
{
"date": "2004-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-8891"
},
{
"date": "2004-06-22T00:00:00",
"db": "BID",
"id": "10591"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"date": "2006-12-07T06:24:29",
"db": "PACKETSTORM",
"id": "52810"
},
{
"date": "2004-06-22T23:37:13",
"db": "PACKETSTORM",
"id": "33622"
},
{
"date": "2004-06-28T00:42:00",
"db": "PACKETSTORM",
"id": "33664"
},
{
"date": "2004-08-06T04:00:00",
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"date": "2004-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-07-13T00:00:00",
"db": "CERT/CC",
"id": "VU#317350"
},
{
"date": "2004-07-21T00:00:00",
"db": "CERT/CC",
"id": "VU#654390"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8891"
},
{
"date": "2009-07-12T05:16:00",
"db": "BID",
"id": "10591"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000617"
},
{
"date": "2017-07-11T01:30:10.747000",
"db": "NVD",
"id": "CVE-2004-0461"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "33622"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISC DHCP contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only",
"sources": [
{
"db": "CERT/CC",
"id": "VU#317350"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "10591"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-117"
}
],
"trust": 0.9
}
}
var-202105-1325
Vulnerability from variot
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. There is a discrepancy between the code that handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: dhcp security update Advisory ID: RHSA-2021:2469-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2469 Issue date: 2021-06-17 CVE Names: CVE-2021-25217 =====================================================================
- Summary:
An update for dhcp is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - x86_64
- Description:
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Security Fix(es):
- dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source: dhcp-4.2.5-69.el7_6.1.src.rpm
x86_64: dhclient-4.2.5-69.el7_6.1.x86_64.rpm dhcp-4.2.5-69.el7_6.1.x86_64.rpm dhcp-common-4.2.5-69.el7_6.1.x86_64.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm dhcp-libs-4.2.5-69.el7_6.1.i686.rpm dhcp-libs-4.2.5-69.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source: dhcp-4.2.5-69.el7_6.1.src.rpm
ppc64le: dhclient-4.2.5-69.el7_6.1.ppc64le.rpm dhcp-4.2.5-69.el7_6.1.ppc64le.rpm dhcp-common-4.2.5-69.el7_6.1.ppc64le.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.ppc64le.rpm dhcp-libs-4.2.5-69.el7_6.1.ppc64le.rpm
x86_64: dhclient-4.2.5-69.el7_6.1.x86_64.rpm dhcp-4.2.5-69.el7_6.1.x86_64.rpm dhcp-common-4.2.5-69.el7_6.1.x86_64.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm dhcp-libs-4.2.5-69.el7_6.1.i686.rpm dhcp-libs-4.2.5-69.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source: dhcp-4.2.5-69.el7_6.1.src.rpm
x86_64: dhclient-4.2.5-69.el7_6.1.x86_64.rpm dhcp-4.2.5-69.el7_6.1.x86_64.rpm dhcp-common-4.2.5-69.el7_6.1.x86_64.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm dhcp-libs-4.2.5-69.el7_6.1.i686.rpm dhcp-libs-4.2.5-69.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
x86_64: dhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm dhcp-devel-4.2.5-69.el7_6.1.i686.rpm dhcp-devel-4.2.5-69.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: dhcp-debuginfo-4.2.5-69.el7_6.1.ppc64le.rpm dhcp-devel-4.2.5-69.el7_6.1.ppc64le.rpm
x86_64: dhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm dhcp-devel-4.2.5-69.el7_6.1.i686.rpm dhcp-devel-4.2.5-69.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
x86_64: dhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm dhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm dhcp-devel-4.2.5-69.el7_6.1.i686.rpm dhcp-devel-4.2.5-69.el7_6.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-25217 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMs0KtzjgjWX9erEAQis7xAAhh3MBohMBq6bZd6sPasNG4rPX+Xh5AWf D+6WNTQLV1u1IU4ZzGKVMtBNSfCd8m727z/L0d4wBof06ngUXHkdR4AEzn5uuWSz lHzlgbpmvqxeBnXrHOG1WE43JNXHSsj0u8eARsLxEU4/rxnbLVOj5dMJkdWmXN61 DocHHFVw6GmdZSCr6/tLjvG57fWtVLQF4SpEdhXz55iNZ1l6y09FDtoom/FuXIcG VnsUpsu/iWMFaUaVQH3sFVLksl39IrHFQxvskXR+FHAPzb8vVuKyNihJ5b3BUhfh jTUKPxLO+X0/K9+cNFVSuSTPr7eHpRRHdUbFIHcUB0s1ACOnmvHr6G8FaVAi9BQZ 6hzWcOFOZS7fF4TnXF3q0yDAKApRwlyF1PP21u1XdCb17Z4+E2LZF0nqnbb3hCxV JfnsadNc2Re/gc3u1bOGQb56ylc7LC74BeMDoJSeldqdPeT5JUc8XRRCyWHjVcjD Bj1kD90FbD3Z3jRAvASgKg4KU1xqEZidHyL/qHo9YTS0h9lqc2iWb0n3/4RU0E8k OuNPpWxkzt1uGQl3iJbQH4TOsIQtqoDFOaCaPMbol44fnm69Q52zRBBr6AHVhEcY iOpTa2PUFK3FLfhkfUCHcCRVXqXeewefcODTWs2Jwx6/sl7nsZpWMNlV8+rdUmXR BuvubM0bUt8= =mdD7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 6 ELS) - i386, s390x, x86_64
- These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- ========================================================================= Ubuntu Security Notice USN-4969-2 May 27, 2021
isc-dhcp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
DHCP could be made to crash if it received specially crafted network traffic.
Software Description: - isc-dhcp: DHCP server and client
Details:
USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: isc-dhcp-client 4.3.3-5ubuntu12.10+esm1 isc-dhcp-server 4.3.3-5ubuntu12.10+esm1
Ubuntu 14.04 ESM: isc-dhcp-client 4.2.4-7ubuntu12.13+esm1 isc-dhcp-server 4.2.4-7ubuntu12.13+esm1
In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
-
Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Security:
-
fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)
-
fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)
-
nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
-
redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)
-
redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)
-
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
-
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-
-u- extension (CVE-2020-28851)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
-
nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)
-
oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)
-
redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
nodejs-lodash: command injection via template (CVE-2021-23337)
-
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
-
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
-
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
-
openssl: integer overflow in CipherUpdate (CVE-2021-23840)
-
openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
-
nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
-
grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
-
nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
-
nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
-
ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
-
normalize-url: ReDoS for data URLs (CVE-2021-33502)
-
nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
-
html-parse-stringify: Regular Expression DoS (CVE-2021-23346)
-
openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Bugs:
-
RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)
-
cluster became offline after apiserver health check (BZ# 1942589)
-
Bugs fixed (https://bugzilla.redhat.com/):
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters
-
Gentoo Linux Security Advisory GLSA 202305-22
https://security.gentoo.org/
Severity: Normal Title: ISC DHCP: Multiple Vulnerabilities Date: May 03, 2023 Bugs: #875521, #792324 ID: 202305-22
Synopsis
Multiple vulnerabilities have been discovered in ISC DHCP, the worst of which could result in denial of service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/dhcp < 4.4.3_p1 >= 4.4.3_p1
Description
Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ISC DHCP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.4.3_p1"
References
[ 1 ] CVE-2021-25217 https://nvd.nist.gov/vuln/detail/CVE-2021-25217 [ 2 ] CVE-2022-2928 https://nvd.nist.gov/vuln/detail/CVE-2022-2928 [ 3 ] CVE-2022-2929 https://nvd.nist.gov/vuln/detail/CVE-2022-2929
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-22
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1325",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "4.1-esv"
},
{
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ruggedcom rox rx1511",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ruggedcom rox rx1536",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ruggedcom rox rx5000",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "dhcp",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "4.4.2"
},
{
"model": "ruggedcom rox rx1524",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ruggedcom rox rx1501",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ruggedcom rox mx5000",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "ruggedcom rox rx1512",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox rx1510",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "ruggedcom rox rx1500",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"model": "dhcp",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "4.4.0"
},
{
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r10b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r10rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r11b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r11rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r12-p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r12b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r13b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r14b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.4.2",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r15-p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:r15_b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1524_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1536_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163052"
},
{
"db": "PACKETSTORM",
"id": "163747"
}
],
"trust": 0.9
},
"cve": "CVE-2021-25217",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-25217",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-officer@isc.org",
"id": "CVE-2021-25217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25217",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. There is a discrepancy between the code that handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: dhcp security update\nAdvisory ID: RHSA-2021:2469-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2469\nIssue date: 2021-06-17\nCVE Names: CVE-2021-25217 \n=====================================================================\n\n1. Summary:\n\nAn update for dhcp is now available for Red Hat Enterprise Linux 7.6\nAdvanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.6 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - x86_64\n\n3. Description:\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress. The dhcp packages provide a relay agent and ISC DHCP service\nrequired to enable and administer DHCP on a network. \n\nSecurity Fix(es):\n\n* dhcp: stack-based buffer overflow when parsing statements with\ncolon-separated hex digits in config or lease files in dhcpd and dhclient\n(CVE-2021-25217)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\ndhcp-4.2.5-69.el7_6.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-common-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-libs-4.2.5-69.el7_6.1.i686.rpm\ndhcp-libs-4.2.5-69.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\ndhcp-4.2.5-69.el7_6.1.src.rpm\n\nppc64le:\ndhclient-4.2.5-69.el7_6.1.ppc64le.rpm\ndhcp-4.2.5-69.el7_6.1.ppc64le.rpm\ndhcp-common-4.2.5-69.el7_6.1.ppc64le.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.ppc64le.rpm\ndhcp-libs-4.2.5-69.el7_6.1.ppc64le.rpm\n\nx86_64:\ndhclient-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-common-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-libs-4.2.5-69.el7_6.1.i686.rpm\ndhcp-libs-4.2.5-69.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\ndhcp-4.2.5-69.el7_6.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-common-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-libs-4.2.5-69.el7_6.1.i686.rpm\ndhcp-libs-4.2.5-69.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\ndhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-devel-4.2.5-69.el7_6.1.i686.rpm\ndhcp-devel-4.2.5-69.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\ndhcp-debuginfo-4.2.5-69.el7_6.1.ppc64le.rpm\ndhcp-devel-4.2.5-69.el7_6.1.ppc64le.rpm\n\nx86_64:\ndhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-devel-4.2.5-69.el7_6.1.i686.rpm\ndhcp-devel-4.2.5-69.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\ndhcp-debuginfo-4.2.5-69.el7_6.1.i686.rpm\ndhcp-debuginfo-4.2.5-69.el7_6.1.x86_64.rpm\ndhcp-devel-4.2.5-69.el7_6.1.i686.rpm\ndhcp-devel-4.2.5-69.el7_6.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-25217\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMs0KtzjgjWX9erEAQis7xAAhh3MBohMBq6bZd6sPasNG4rPX+Xh5AWf\nD+6WNTQLV1u1IU4ZzGKVMtBNSfCd8m727z/L0d4wBof06ngUXHkdR4AEzn5uuWSz\nlHzlgbpmvqxeBnXrHOG1WE43JNXHSsj0u8eARsLxEU4/rxnbLVOj5dMJkdWmXN61\nDocHHFVw6GmdZSCr6/tLjvG57fWtVLQF4SpEdhXz55iNZ1l6y09FDtoom/FuXIcG\nVnsUpsu/iWMFaUaVQH3sFVLksl39IrHFQxvskXR+FHAPzb8vVuKyNihJ5b3BUhfh\njTUKPxLO+X0/K9+cNFVSuSTPr7eHpRRHdUbFIHcUB0s1ACOnmvHr6G8FaVAi9BQZ\n6hzWcOFOZS7fF4TnXF3q0yDAKApRwlyF1PP21u1XdCb17Z4+E2LZF0nqnbb3hCxV\nJfnsadNc2Re/gc3u1bOGQb56ylc7LC74BeMDoJSeldqdPeT5JUc8XRRCyWHjVcjD\nBj1kD90FbD3Z3jRAvASgKg4KU1xqEZidHyL/qHo9YTS0h9lqc2iWb0n3/4RU0E8k\nOuNPpWxkzt1uGQl3iJbQH4TOsIQtqoDFOaCaPMbol44fnm69Q52zRBBr6AHVhEcY\niOpTa2PUFK3FLfhkfUCHcCRVXqXeewefcODTWs2Jwx6/sl7nsZpWMNlV8+rdUmXR\nBuvubM0bUt8=\n=mdD7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 6 ELS) - i386, s390x, x86_64\n\n3. \nThese packages include redhat-release-virtualization-host. \nRHVH features a Cockpit user interface for monitoring the host\u0027s resources\nand\nperforming administrative tasks. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n4. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n5. =========================================================================\nUbuntu Security Notice USN-4969-2\nMay 27, 2021\n\nisc-dhcp vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nDHCP could be made to crash if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- isc-dhcp: DHCP server and client\n\nDetails:\n\nUSN-4969-1 fixed a vulnerability in DHCP. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly\n handled lease file parsing. A remote attacker could possibly use this issue\n to cause DHCP to crash, resulting in a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n isc-dhcp-client 4.3.3-5ubuntu12.10+esm1\n isc-dhcp-server 4.3.3-5ubuntu12.10+esm1\n\nUbuntu 14.04 ESM:\n isc-dhcp-client 4.2.4-7ubuntu12.13+esm1\n isc-dhcp-server 4.2.4-7ubuntu12.13+esm1\n\nIn general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202305-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ISC DHCP: Multiple Vulnerabilities\n Date: May 03, 2023\n Bugs: #875521, #792324\n ID: 202305-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ISC DHCP, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/dhcp \u003c 4.4.3_p1 \u003e= 4.4.3_p1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ISC DHCP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ISC DHCP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/dhcp-4.4.3_p1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-25217\n https://nvd.nist.gov/vuln/detail/CVE-2021-25217\n[ 2 ] CVE-2022-2928\n https://nvd.nist.gov/vuln/detail/CVE-2022-2928\n[ 3 ] CVE-2022-2929\n https://nvd.nist.gov/vuln/detail/CVE-2022-2929\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25217"
},
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "162841"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163052"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "172130"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25217",
"trust": 2.2
},
{
"db": "SIEMENS",
"id": "SSA-637483",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-406691",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/26/6",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-258-05",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-25217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163240",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163400",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162841",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163129",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163137",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163052",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172130",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "162841"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163052"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "172130"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"id": "VAR-202105-1325",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.366531175
},
"last_update_date": "2024-07-23T20:55:14.082000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Debian CVElist Bug Report Logs: isc-dhcp: CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b55bb445f71f0d88702845d3582e2b5c"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1510",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1510"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1654",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1654"
},
{
"title": "Red Hat: CVE-2021-25217",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-25217"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-25217 log"
},
{
"title": "Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=34f98e4f4344c97599fe2d33618956a7"
},
{
"title": "Completion for lacework",
"trust": 0.1,
"url": "https://github.com/fbreton/lacework "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202305-22"
},
{
"trust": 1.1,
"url": "https://kb.isc.org/docs/cve-2021-25217"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z2lb42jwiv4m4wdnxx5vgip26feywkif/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5qi4dyc7j4bghew3nh4xhmwthyc36uk4/"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25217"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 0.9,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989157"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2021-1510.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2555"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4969-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4969-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2418"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2359"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29477"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29478"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2928"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "162841"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163052"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "172130"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "162841"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163052"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "172130"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"date": "2021-06-17T18:09:00",
"db": "PACKETSTORM",
"id": "163196"
},
{
"date": "2021-06-15T15:01:13",
"db": "PACKETSTORM",
"id": "163151"
},
{
"date": "2021-06-22T19:32:24",
"db": "PACKETSTORM",
"id": "163240"
},
{
"date": "2021-07-06T15:19:09",
"db": "PACKETSTORM",
"id": "163400"
},
{
"date": "2021-05-27T13:30:42",
"db": "PACKETSTORM",
"id": "162841"
},
{
"date": "2021-06-14T15:49:07",
"db": "PACKETSTORM",
"id": "163129"
},
{
"date": "2021-06-15T14:41:42",
"db": "PACKETSTORM",
"id": "163137"
},
{
"date": "2021-06-15T14:44:42",
"db": "PACKETSTORM",
"id": "163140"
},
{
"date": "2021-06-09T13:43:47",
"db": "PACKETSTORM",
"id": "163052"
},
{
"date": "2021-08-06T14:02:37",
"db": "PACKETSTORM",
"id": "163747"
},
{
"date": "2023-05-03T15:37:18",
"db": "PACKETSTORM",
"id": "172130"
},
{
"date": "2021-05-26T22:15:07.947000",
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"date": "2023-11-07T03:31:24.893000",
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162841"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-2469-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "163196"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163052"
}
],
"trust": 0.8
}
}
var-201104-0082
Vulnerability from variot
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine. Apple From Apple Time Capsule and AirPort Base Station (802.11n) Firmware update for has been released.Crafted DHCP Any command may be executed by processing the response. A remote attacker can exploit this issue through a rogue DHCP server.
Additionally for Corporate Server 4 and Enterprise Server 5 ISC DHCP has been upgraded from the 3.0.7 version to the 4.1.2-P1 version which brings many enhancements such as better ipv6 support.
Packages for 2009.0 are provided as of the Extended Maintenance Program.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997 http://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1-RELNOTES https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Updated Packages:
Mandriva Linux 2009.0: 0fe2b147ebdba8b68f69ddc27160db5c 2009.0/i586/dhcp-client-4.1.2-0.4mdv2009.0.i586.rpm f4ee7090da2bec5cb4482f2fa21beb8b 2009.0/i586/dhcp-common-4.1.2-0.4mdv2009.0.i586.rpm a4a5bd2f2d8f4d40a4c60d5dde55307c 2009.0/i586/dhcp-devel-4.1.2-0.4mdv2009.0.i586.rpm 814bc88e335fb03901f326300ae92961 2009.0/i586/dhcp-doc-4.1.2-0.4mdv2009.0.i586.rpm ec52571bb8002e9394b1eb6e6fc95b64 2009.0/i586/dhcp-relay-4.1.2-0.4mdv2009.0.i586.rpm e7fed43b5db92babf8ca3acbd7210b7f 2009.0/i586/dhcp-server-4.1.2-0.4mdv2009.0.i586.rpm 18489ac449e257f1fa9aad9e7a054b45 2009.0/SRPMS/dhcp-4.1.2-0.4mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: b557459f67de2b8ec481d313d9a26cb2 2009.0/x86_64/dhcp-client-4.1.2-0.4mdv2009.0.x86_64.rpm b4ea7a9670866fff6cd3f4eb77073a84 2009.0/x86_64/dhcp-common-4.1.2-0.4mdv2009.0.x86_64.rpm 4f9a9c9a9815697e17a65b942771e31d 2009.0/x86_64/dhcp-devel-4.1.2-0.4mdv2009.0.x86_64.rpm df18345c665846817880f815af0ad0e8 2009.0/x86_64/dhcp-doc-4.1.2-0.4mdv2009.0.x86_64.rpm eac313ff664e3ea9f8e4c3818d7b7387 2009.0/x86_64/dhcp-relay-4.1.2-0.4mdv2009.0.x86_64.rpm 48cca35591072588de0e1b9f00ca88eb 2009.0/x86_64/dhcp-server-4.1.2-0.4mdv2009.0.x86_64.rpm 18489ac449e257f1fa9aad9e7a054b45 2009.0/SRPMS/dhcp-4.1.2-0.4mdv2009.0.src.rpm
Mandriva Linux 2010.0: 88ba2b9d0ccfddf8b1b6f516851d08ce 2010.0/i586/dhcp-client-4.1.2-0.4mdv2010.0.i586.rpm 1475209ee7b9fb9b7f26ad5b20afcdcf 2010.0/i586/dhcp-common-4.1.2-0.4mdv2010.0.i586.rpm ea29d2bfd21b02a56057cd36dc21f43a 2010.0/i586/dhcp-devel-4.1.2-0.4mdv2010.0.i586.rpm 067c3ac4f7530e447f82bbe4326253a3 2010.0/i586/dhcp-doc-4.1.2-0.4mdv2010.0.i586.rpm 409516cfb0004d5f4522040b81433ce7 2010.0/i586/dhcp-relay-4.1.2-0.4mdv2010.0.i586.rpm a23871dfa6632571cdf4a2559941ad89 2010.0/i586/dhcp-server-4.1.2-0.4mdv2010.0.i586.rpm 265c9ec68af7e23baf8b1b6fcc4cc64f 2010.0/SRPMS/dhcp-4.1.2-0.4mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 403dfe148141d926bc2f5e31c18360ba 2010.0/x86_64/dhcp-client-4.1.2-0.4mdv2010.0.x86_64.rpm 2cd0331b9935442a68d606e1d58b0608 2010.0/x86_64/dhcp-common-4.1.2-0.4mdv2010.0.x86_64.rpm 80a31ea430793ce9d2269c9d31aa03bd 2010.0/x86_64/dhcp-devel-4.1.2-0.4mdv2010.0.x86_64.rpm d5053dc644215e70dfc5380afdbc90c4 2010.0/x86_64/dhcp-doc-4.1.2-0.4mdv2010.0.x86_64.rpm 377fe3099561dd0a795617977164b91f 2010.0/x86_64/dhcp-relay-4.1.2-0.4mdv2010.0.x86_64.rpm 57b98ba8696c7a7d20ab96a823f4ff0d 2010.0/x86_64/dhcp-server-4.1.2-0.4mdv2010.0.x86_64.rpm 265c9ec68af7e23baf8b1b6fcc4cc64f 2010.0/SRPMS/dhcp-4.1.2-0.4mdv2010.0.src.rpm
Mandriva Linux 2010.1: 5b603213aa47a9772cf786ae6ee046da 2010.1/i586/dhcp-client-4.1.2-0.4mdv2010.2.i586.rpm 3046be07aaa09d1b39fcc8c07ef25e58 2010.1/i586/dhcp-common-4.1.2-0.4mdv2010.2.i586.rpm 1b5a481f6db0b53e666884cfda6ac44c 2010.1/i586/dhcp-devel-4.1.2-0.4mdv2010.2.i586.rpm 279beab531b59a715c946a00bd58fc48 2010.1/i586/dhcp-doc-4.1.2-0.4mdv2010.2.i586.rpm a328ab24b56f1ac03f8f420acd0a3806 2010.1/i586/dhcp-relay-4.1.2-0.4mdv2010.2.i586.rpm f7c61c55748270add2fe45d3245895c8 2010.1/i586/dhcp-server-4.1.2-0.4mdv2010.2.i586.rpm 30d4e8965d393765fb98b425889df126 2010.1/SRPMS/dhcp-4.1.2-0.4mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 27f78c74028b1ea64dbd596c05cfa83f 2010.1/x86_64/dhcp-client-4.1.2-0.4mdv2010.2.x86_64.rpm ab56614386900415fecba15f4c17db13 2010.1/x86_64/dhcp-common-4.1.2-0.4mdv2010.2.x86_64.rpm 535a2eb4b6a4b1f78f47201e0b4249c3 2010.1/x86_64/dhcp-devel-4.1.2-0.4mdv2010.2.x86_64.rpm 64e9bac6fe8f4dbee3e1aebd5d91e977 2010.1/x86_64/dhcp-doc-4.1.2-0.4mdv2010.2.x86_64.rpm 612892e71f2aeddfd8b55cd7ac220247 2010.1/x86_64/dhcp-relay-4.1.2-0.4mdv2010.2.x86_64.rpm 9bb46bca8de30ee4b99bfe09867a3924 2010.1/x86_64/dhcp-server-4.1.2-0.4mdv2010.2.x86_64.rpm 30d4e8965d393765fb98b425889df126 2010.1/SRPMS/dhcp-4.1.2-0.4mdv2010.2.src.rpm
Corporate 4.0: f49d86732da26402b022b2d980049c03 corporate/4.0/i586/dhcp-client-4.1.2-0.4.20060mlcs4.i586.rpm acd985bc51c25cc42325befb357b0dcc corporate/4.0/i586/dhcp-common-4.1.2-0.4.20060mlcs4.i586.rpm c01506a802e46af23c8f10a72c6a0eb2 corporate/4.0/i586/dhcp-devel-4.1.2-0.4.20060mlcs4.i586.rpm 81522530fa5e97057d6eeea18ad7bec3 corporate/4.0/i586/dhcp-doc-4.1.2-0.4.20060mlcs4.i586.rpm 2ebfdf7ee9224b7403c4ab5e8370d9ab corporate/4.0/i586/dhcp-relay-4.1.2-0.4.20060mlcs4.i586.rpm c2bbacf8934b9e3dc78cdb49cd811ec9 corporate/4.0/i586/dhcp-server-4.1.2-0.4.20060mlcs4.i586.rpm ac3031a0c5dfeb6274aa28d669e66cba corporate/4.0/SRPMS/dhcp-4.1.2-0.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 2747bf835e111141b9a91dc320eeab43 corporate/4.0/x86_64/dhcp-client-4.1.2-0.4.20060mlcs4.x86_64.rpm 0c998112346a5da94e09d55c996d6dff corporate/4.0/x86_64/dhcp-common-4.1.2-0.4.20060mlcs4.x86_64.rpm fd38ef505da0c593ef900895abeb1ddc corporate/4.0/x86_64/dhcp-devel-4.1.2-0.4.20060mlcs4.x86_64.rpm 69b3d6cbf21c46828de40a322fd1310d corporate/4.0/x86_64/dhcp-doc-4.1.2-0.4.20060mlcs4.x86_64.rpm c5acb788ae76e674952d656fa9b0d1a5 corporate/4.0/x86_64/dhcp-relay-4.1.2-0.4.20060mlcs4.x86_64.rpm e19db50139a291a7acd23491af5f8d54 corporate/4.0/x86_64/dhcp-server-4.1.2-0.4.20060mlcs4.x86_64.rpm ac3031a0c5dfeb6274aa28d669e66cba corporate/4.0/SRPMS/dhcp-4.1.2-0.4.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 7cbe686b047a6fd6f95cda44669e5862 mes5/i586/dhcp-client-4.1.2-0.4mdvmes5.2.i586.rpm af8b9fe15591b76c11f2257e0cb43a37 mes5/i586/dhcp-common-4.1.2-0.4mdvmes5.2.i586.rpm 2a22a53e6de1a9333c36c5cc250c5ac4 mes5/i586/dhcp-devel-4.1.2-0.4mdvmes5.2.i586.rpm 9ca551145fc79919000a61419e72de37 mes5/i586/dhcp-doc-4.1.2-0.4mdvmes5.2.i586.rpm e9faa5fae712882720b107eb02e51f1f mes5/i586/dhcp-relay-4.1.2-0.4mdvmes5.2.i586.rpm 8568f3bac9dd6654b63ebee94c33275e mes5/i586/dhcp-server-4.1.2-0.4mdvmes5.2.i586.rpm 0e5415cf40dde2931cd1b81aada5e7f7 mes5/SRPMS/dhcp-4.1.2-0.4mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 87ae497e9b94fb842718b4fbefb55474 mes5/x86_64/dhcp-client-4.1.2-0.4mdvmes5.2.x86_64.rpm 71d70558972e1f0729513fce69183de2 mes5/x86_64/dhcp-common-4.1.2-0.4mdvmes5.2.x86_64.rpm 0f12150d87816bd1770388d8dc309d21 mes5/x86_64/dhcp-devel-4.1.2-0.4mdvmes5.2.x86_64.rpm 0450f2a86dab4988d1c96a8e9747104f mes5/x86_64/dhcp-doc-4.1.2-0.4mdvmes5.2.x86_64.rpm 6a043f417310b6229e8fb8d967c12a8d mes5/x86_64/dhcp-relay-4.1.2-0.4mdvmes5.2.x86_64.rpm e4281f48c410412f60fd33f095b9199c mes5/x86_64/dhcp-server-4.1.2-0.4mdvmes5.2.x86_64.rpm 0e5415cf40dde2931cd1b81aada5e7f7 mes5/SRPMS/dhcp-4.1.2-0.4mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFNotZnmqjQ0CJFipgRAsarAJ4zitKb2D4e53sOLX4vqvuPs5tLCACffyPE Y8Ya7GFbhILVKuKTG+Ps+3k= =EXBX -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-06
http://security.gentoo.org/
Severity: Normal Title: ISC DHCP: Denial of Service Date: January 09, 2013 Bugs: #362453, #378799, #393617, #398763, #428120, #434880 ID: 201301-06
Synopsis
Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/dhcp < 4.2.4_p2 >= 4.2.4_p2
Description
Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All ISC DHCP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.2.4_p2"
References
[ 1 ] CVE-2011-0997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0997 [ 2 ] CVE-2011-2748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2748 [ 3 ] CVE-2011-2749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2749 [ 4 ] CVE-2011-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4539 [ 5 ] CVE-2011-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4868 [ 6 ] CVE-2012-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3570 [ 7 ] CVE-2012-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3571 [ 8 ] CVE-2012-3954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3954 [ 9 ] CVE-2012-3955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3955
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Release Date: 2012-03-20 Last Updated: 2012-03-20
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux).
References: CVE-2011-3210, CVE-2011-3207, CVE-2011-1097, CVE-2011-0997, CVE-2011-0762, CVE-2010-4645
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control Software for Linux (IC-Linux) before v7.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2011-1097 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2011-0997 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-0762 (AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0 CVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP Insight Control Software for Linux (IC-Linux) v7.0 to resolve the vulnerabilities. IC-Linux v7.0 is available here:
http://h18004.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html
HISTORY Version:1 (rev.1) - 20 March 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. This issue is addressed by stripping shell meta-characters in dhclient-script.
It is recommended that AirPort Utility 5.5.3 or later be installed before upgrading to Firmware version 7.6. ========================================================================== Ubuntu Security Notice USN-1108-2 April 19, 2011
dhcp3 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
Summary:
An attacker's DHCP server could send crafted responses to your computer and cause it to run programs as root. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem.
Original advisory details:
Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: dhcp3-client 3.1.3-2ubuntu6.2
Ubuntu 10.04 LTS: dhcp3-client 3.1.3-2ubuntu3.2
Ubuntu 9.10: dhcp3-client 3.1.2-1ubuntu7.3
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: dhcp security update Advisory ID: RHSA-2011:0840-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0840.html Issue date: 2011-05-31 CVE Names: CVE-2011-0997 =====================================================================
- Summary:
Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AS (v. 3 ELS) - i386 Red Hat Enterprise Linux ES (v. 3 ELS) - i386
- Description:
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-0997)
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
All dhclient users should upgrade to these updated packages, which contain a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
689832 - CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values
- Package List:
Red Hat Enterprise Linux AS (v. 3 ELS):
Source: dhcp-3.0.1-10.3_EL3.src.rpm
i386: dhclient-3.0.1-10.3_EL3.i386.rpm dhcp-3.0.1-10.3_EL3.i386.rpm dhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm dhcp-devel-3.0.1-10.3_EL3.i386.rpm
Red Hat Enterprise Linux ES (v. 3 ELS):
Source: dhcp-3.0.1-10.3_EL3.src.rpm
i386: dhclient-3.0.1-10.3_EL3.i386.rpm dhcp-3.0.1-10.3_EL3.i386.rpm dhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm dhcp-devel-3.0.1-10.3_EL3.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-0997.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFN5QSLXlSAg2UNWIIRAsdVAJ9mkD7RcbzsYOkK8JnEQsRSeelYuwCeNmZd LdK24/RBkJXiFOiY5pI8Eig= =HTuE -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.diff.gz
Size/MD5: 68426 b4a36d1b44e8276211cef0b9bfbb6ea5
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.dsc
Size/MD5: 1428 2fe76544defdfa3d4ab61d548ea5bc03
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3.orig.tar.gz
Size/MD5: 870240 f91416a0b8ed3fd0601688cf0b7df58f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_amd64.deb
Size/MD5: 221524 2cc3c7815cb6e6a2cc21d0c2a6286202
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_amd64.deb
Size/MD5: 454060 4d6e00d001d85359af4777316c012038
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_amd64.deb
Size/MD5: 131252 bf862b9ce2cc9888f9e617f42c0d8f77
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_amd64.deb
Size/MD5: 321024 383390887daadd122e7e66a9896e0432
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_amd64.udeb
Size/MD5: 177440 04a6bc2b53da66245b8b79b71d8f82ed
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_amd64.deb
Size/MD5: 105842 9616c95d8f2d487fd330fb9b33c58474
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_i386.deb
Size/MD5: 196930 ebaee96958395481e8c9c25a6591c1a3
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_i386.deb
Size/MD5: 431162 6fec8eaee0c753e95193f507e3c2c1eb
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_i386.deb
Size/MD5: 117544 76fd573dc96ade71033c31e9965a1ede
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_i386.deb
Size/MD5: 289684 8d0c386dc142ca3e69766e26fa6ced00
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_i386.udeb
Size/MD5: 152296 98cdda8ba797a8f3532e2db2c95f5329
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_i386.deb
Size/MD5: 94176 369f369a8fd6b58df3e293a5264c8047
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_powerpc.deb
Size/MD5: 203612 da623d9e1694169cfc1de56f2e0df6e4
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_powerpc.deb
Size/MD5: 435818 a6f18c0a5083885f0f3ad270a52f1ea9
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_powerpc.deb
Size/MD5: 130290 8ed50d04b1c91276b0bdf19b3cda3fcd
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_powerpc.deb
Size/MD5: 297742 95b7742e4fb7c4720add03965ef51b45
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_powerpc.udeb
Size/MD5: 158466 61e6403a4a5db1783c43fbfe6ad74e8c
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_powerpc.deb
Size/MD5: 96696 a7d275b7895e47d8141fab29a3db415b
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_sparc.deb
Size/MD5: 200826 04fe774f2349b12af88465a96a4443b4
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_sparc.deb
Size/MD5: 434238 c71c8b52f5324385d13e3610e7bef30e
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_sparc.deb
Size/MD5: 126784 ca67a9bd308dfb73bf85906f53e8ae6b
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_sparc.deb
Size/MD5: 294084 628696dfa6a0c9a2713b7fde4390d700
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_sparc.udeb
Size/MD5: 156068 907d41b490e6155c580b83cec96e3f71
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_sparc.deb
Size/MD5: 96810 d1559518c2fc467cf6244ee8cd29176b
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.diff.gz
Size/MD5: 97783 a2e0e7077df662a15c039c462ecd8e3d
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.dsc
Size/MD5: 1537 ccf77a9747dc8cbc6b65e0d94ab9c43b
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg.orig.tar.gz
Size/MD5: 724045 e89ef34005c576ddbb229e3b4478f6e2
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_amd64.udeb
Size/MD5: 180140 9b8c326a22be742b43e2b8d9b07d4f86
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_amd64.deb
Size/MD5: 242126 8053c2330e512d48f0318af10079c50a
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_amd64.deb
Size/MD5: 300696 15bbfae5ba97f27d0c896b886773f02b
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_amd64.deb
Size/MD5: 124032 82fe33e521c7ee08b7a00596acc8cb8d
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_amd64.deb
Size/MD5: 342596 40acd4d59e72be79a5c930254bee0223
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_amd64.deb
Size/MD5: 114396 5e5c7a86cec5ef70f927cbf53fffec4d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_i386.udeb
Size/MD5: 159988 7c2cd082adad4cdae500b88b9429ea24
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_i386.deb
Size/MD5: 221966 92748d084525779ad31fe09ae76ca8d5
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_i386.deb
Size/MD5: 281564 0e64a350c9599b473f42949dbaa44533
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_i386.deb
Size/MD5: 109818 5ef8d14534865cdf0b63699e54ab684a
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_i386.deb
Size/MD5: 318748 205746468ea8d58f1babe96c28f46983
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_i386.deb
Size/MD5: 103376 15e19ab3867304e29f59f3e97170f145
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_lpia.udeb
Size/MD5: 158248 1ce010480a0ea9a1a8683995ab5c9b68
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_lpia.deb
Size/MD5: 220236 d0c1551dde51da5503fe3be6288a23bb
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_lpia.deb
Size/MD5: 279790 cf35fa8aaca649fd85366e684628a580
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_lpia.deb
Size/MD5: 109062 d1ff75192f05906028ac9001483529da
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_lpia.deb
Size/MD5: 316576 6f95deb3879a7c38c0f9cd1ba1ff0228
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_lpia.deb
Size/MD5: 102310 d4b1c32f8c1d1a6383fc09580e46ec79
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_powerpc.udeb
Size/MD5: 177278 29a10d5d08bc3797b67770a4028758ff
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_powerpc.deb
Size/MD5: 242046 27324a8f5623a94ff813148a5267fb4b
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_powerpc.deb
Size/MD5: 296498 4b8af066dc6c2481e4ff360800c04e74
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_powerpc.deb
Size/MD5: 122548 9ad8db4fbd23f1760d1bc123b01f014b
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_powerpc.deb
Size/MD5: 341860 28075deaecbdc1d77166dcb1623a8c85
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_powerpc.deb
Size/MD5: 112934 766413326d6486146da4aec03a2654bc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_sparc.udeb
Size/MD5: 156574 742d54969d6dd68e7ac86ca00e1b1832
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_sparc.deb
Size/MD5: 218754 60013fe472200e1bf45d9b02d80a244e
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_sparc.deb
Size/MD5: 277066 bf1034124c51ddacf732c2887957a46e
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_sparc.deb
Size/MD5: 113494 b50639e27d92c0ababba9fab23242d7d
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_sparc.deb
Size/MD5: 313426 b93d5ec9d7ea9717a79d6bf2bb80a285
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_sparc.deb
Size/MD5: 102930 df99654fbd9e6f5aba7f962adb9d6470
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.diff.gz
Size/MD5: 141611 0cab5bee752928f3c9f0c8e1ded26167
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.dsc
Size/MD5: 1955 a26905456538cd0d30e924e488302fc4
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2.orig.tar.gz
Size/MD5: 799626 85901a9554650030df7d1ef3e5959fdf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.2-1ubuntu7.2_all.deb
Size/MD5: 26206 905e286082551fcbc23916052de7e2fa
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_amd64.udeb
Size/MD5: 208604 5bb8643607d5f416205174f97d443e8e
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_amd64.deb
Size/MD5: 270930 fa0267775f2471f0be30499bf121b6e7
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_amd64.deb
Size/MD5: 332152 ee101e67b7ad97bd410e983da115484d
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_amd64.deb
Size/MD5: 127130 0d4b4a1dc992d56f8c01d94990290910
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_amd64.deb
Size/MD5: 395062 a5ab658903283a97dd658e5cdfe6a45e
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_amd64.deb
Size/MD5: 125444 6f12bfb86b46567aa8e2ecba8af1852e
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_amd64.deb
Size/MD5: 348242 8fe33e4a7afac6d5a952d0c158d7ed45
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_i386.udeb
Size/MD5: 191210 64285abd7e68c517eefcf3ff5eecb909
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_i386.deb
Size/MD5: 252916 749769cec2a5d0cdfe5ddb67e6864270
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_i386.deb
Size/MD5: 315850 e0deb4932a763831adc3e73cf0f068fa
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_i386.deb
Size/MD5: 116650 434d9e26a1b3b5a4b5fd94bea2c581b4
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_i386.deb
Size/MD5: 372288 481d9d80e948895969b72be4b825fbb8
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_i386.deb
Size/MD5: 116424 49010850bef64719353588c5d88e6714
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_i386.deb
Size/MD5: 326174 7f328cba4c811d5d56582328f1ad6b1d
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_armel.udeb
Size/MD5: 174400 4ed674aa3f13c4c4012def78b6cfd62f
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_armel.deb
Size/MD5: 236228 c14a8f75dc70e363afb2e39b9b6c9b68
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_armel.deb
Size/MD5: 300026 8183f7371713d8ddc8bd2b8f8d979794
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_armel.deb
Size/MD5: 112806 41dcceea5abd7feac4f1f7465b3892b7
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_armel.deb
Size/MD5: 349366 ea2f47d49b065c252caeb33d9d273363
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_armel.deb
Size/MD5: 108672 f277fadf0e50c5325b20f8001f30108a
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_armel.deb
Size/MD5: 301210 76887fde4612e80131c94a00b328a874
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_lpia.udeb
Size/MD5: 187330 e70af0ba0633b7a10c666f2f2e30b017
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_lpia.deb
Size/MD5: 249154 bde848f0444ac204f0781d848771b2e7
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_lpia.deb
Size/MD5: 312056 e131e50d9159fb5a7cf92bd7532c6d5b
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_lpia.deb
Size/MD5: 115610 6bf9bc6ccc3986f7bda77f6e0929bd2b
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_lpia.deb
Size/MD5: 368276 a5d4ce07f31b702817fb3d3961fd8a7b
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_lpia.deb
Size/MD5: 114588 d030b6a51bf6eb1b682c88fcfc92cdda
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_lpia.deb
Size/MD5: 321710 5c51aac0b4ea78167072cce854d63f47
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_powerpc.udeb
Size/MD5: 199998 aff548b71963695089f418a502bc5e01
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_powerpc.deb
Size/MD5: 262344 a4799a7b4c6d6d91120ef36537485080
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_powerpc.deb
Size/MD5: 324014 c6be94d8dda2d47ea08c3f1277160eda
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_powerpc.deb
Size/MD5: 120394 4b35e8aa5a363a659daa6232a0a76501
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_powerpc.deb
Size/MD5: 382434 9c71333d4f8ccc12d14996fa42ba60b7
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_powerpc.deb
Size/MD5: 120310 32c5affaeb955349a26cae2bd9c92236
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_powerpc.deb
Size/MD5: 335902 5460f8f32a30489940cf69855983ed3c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_sparc.udeb
Size/MD5: 203458 038c030a32c3d74e3d20cb4f8eaf5336
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_sparc.deb
Size/MD5: 265862 67e06c4f7f5352a3248060245f41837c
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_sparc.deb
Size/MD5: 324634 873eeaf81f86f69e1de8f2c9c2335fda
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_sparc.deb
Size/MD5: 116874 4583b6c0cd5cf6abf8fc81ae1c5656a2
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_sparc.deb
Size/MD5: 387388 d31379a7fe21d36761ce6d6e01d51ba7
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_sparc.deb
Size/MD5: 121616 62ed8721ad7cfe9f45448c321be12340
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_sparc.deb
Size/MD5: 341160 9e72b31fccc6ca7d33fcf814f7cca8be
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.diff.gz
Size/MD5: 145049 762c8d99c1e8e1245830ff0cfc9c22cf
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.dsc
Size/MD5: 1950 6fc0ed0a5f2f2897b25cb127fdf599bb
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3.orig.tar.gz
Size/MD5: 804097 6ee8af8b283c95b3b4db5e88b6dd9a26
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu3.1_all.deb
Size/MD5: 27294 5873371bf57e765fd69a49ab238f7f5f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_amd64.udeb
Size/MD5: 208924 47388e6df5a8a88758f893f0157f7a49
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_amd64.deb
Size/MD5: 273438 3e968127e7212b682e23422ccd498a51
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_amd64.deb
Size/MD5: 335524 c2231ce6ce81fa1a61f33b50879ea8e7
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_amd64.deb
Size/MD5: 127748 31baa39d20b53e7200b146bb5e1dbc7a
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_amd64.deb
Size/MD5: 396594 05f2652d1223dbbf59bcfdb86503ec81
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_amd64.deb
Size/MD5: 126830 2017ee773f9e4c4136e6604003978a72
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_amd64.deb
Size/MD5: 349758 3a07e9f0c5b36e05024e98f2e01e7a36
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_i386.udeb
Size/MD5: 191468 7efe2e4b59392afda8ef1c8d69aa04cd
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_i386.deb
Size/MD5: 256600 1b24883c7ee056fcbcda20cc1d82673e
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_i386.deb
Size/MD5: 318512 8ad3080333f5d86ad40548de9cfced43
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_i386.deb
Size/MD5: 118816 c679db32ae992ca9f6fc5473e81df94a
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_i386.deb
Size/MD5: 376744 e3b708777fcd15c84240e43bf08b5d7e
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_i386.deb
Size/MD5: 117698 b0dfb728d6d9f69c9af3910744b1fbb8
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_i386.deb
Size/MD5: 328168 617edc965494055443d2c43326c411d7
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_armel.udeb
Size/MD5: 180926 3969ae580d52c38b45d63ac388cbbe4d
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_armel.deb
Size/MD5: 246116 4956ee0ca5be72ee8ece1cd89ccf5082
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_armel.deb
Size/MD5: 309348 c8567f86659a5670b6c7167a106bf71a
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_armel.deb
Size/MD5: 115350 023f49615f6ca0a8f2367e816921fa8d
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_armel.deb
Size/MD5: 361242 b8e92e0d7ee35dccf62349627513b3d5
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_armel.deb
Size/MD5: 113136 ecc1eca1107bf3d2a85145c87800f0a9
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_armel.deb
Size/MD5: 314078 a09784b9e5545593b771e8db596b70ad
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_powerpc.udeb
Size/MD5: 200432 0db5e288252f7cec9511aeedd6328a87
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_powerpc.deb
Size/MD5: 265410 78eb3d25b509d5d3669a33bf8603b0df
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_powerpc.deb
Size/MD5: 327180 9d47f9f6bd35ebd5e53e68ff8cf27473
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_powerpc.deb
Size/MD5: 121552 7d955d50534795154e471aea30341fe1
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_powerpc.deb
Size/MD5: 385370 dd7f5ffd85a725a8cb4f8fe6a067d0bb
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_powerpc.deb
Size/MD5: 121446 0ccdd1ca74fcd96be84596ce324f967e
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_powerpc.deb
Size/MD5: 337410 54549752057dc73a3e35a158b871ea36
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_sparc.udeb
Size/MD5: 212712 be3c531c2fffd6ad83501e44015a3532
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_sparc.deb
Size/MD5: 277974 5a9ee5790cc705c845cd085c71d001b5
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_sparc.deb
Size/MD5: 335174 22b404e90f206772c786f968392ecef1
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_sparc.deb
Size/MD5: 121764 97643d01dd5dd3eb06859cb881312e6d
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_sparc.deb
Size/MD5: 402564 889e3a0882bebb5b4ceb4df3c805d883
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_sparc.deb
Size/MD5: 126888 546ab5281e2ba4672471a30fce814e36
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_sparc.deb
Size/MD5: 353712 64fcbf89ca8fd7af9aa2a9bd66739170
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.diff.gz
Size/MD5: 151417 604106743c8429a59b9b8af55de854f7
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.dsc
Size/MD5: 1962 792f947b2a6c3020c45ca1b56771c77e
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3.orig.tar.gz
Size/MD5: 804097 6ee8af8b283c95b3b4db5e88b6dd9a26
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu6.1_all.deb
Size/MD5: 27778 319b0ce429e455b13a2248cc2cbe3491
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_amd64.udeb
Size/MD5: 208588 f4d4d2a63016b2b9960654be7c04b9c5
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_amd64.deb
Size/MD5: 274192 4005626ae7c8ed06bf15a1e014968ebd
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_amd64.deb
Size/MD5: 335392 3f745248ea2b2c54e1771f1789cd13dc
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_amd64.deb
Size/MD5: 128922 dc2dd29ead86d887a22da63f27ae9692
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_amd64.deb
Size/MD5: 398270 ffd780e99cb19cc3884703ec930a68cb
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_amd64.deb
Size/MD5: 126752 a4d3f03e0855ce6ef4cf6a75f33198d1
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_amd64.deb
Size/MD5: 349942 430e5e501488da92c3b4e2f2a685912a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_i386.udeb
Size/MD5: 190312 23ced3137d0e056d9ce13dd41e656af3
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_i386.deb
Size/MD5: 255768 07cfc1c5db7b6d8585e9a00513699049
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_i386.deb
Size/MD5: 317854 f9a58ae40c5f2645e17e2a9349f07edf
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_i386.deb
Size/MD5: 119094 9af94d26ecd3ce03c9d059ab8db5ff46
http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_i386.deb
Size/MD5: 376052 2dd5ab42f28d13baab1d332c92fcdbcf
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_i386.deb
Size/MD5: 117472 9638997daef5f353621a3adea0f054d5
http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_i386.deb
Size/MD5: 327368 93d8a202391be7d55484901a7fa00f09
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_armel.udeb
Size/MD5: 191162 ea1961dc40672d12302dcb3e0ae62c44
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_armel.deb
Size/MD5: 256344 fd6d84d8ca333a1e0cc0efc4c26df7cb
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_armel.deb
Size/MD5: 319110 4ed5fb07ce8a4997c1132f96e4c29e39
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_armel.deb
Size/MD5: 118586 ade0a8cfa1217ae39ff58bea47e4faa0
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_armel.deb
Size/MD5: 377976 7f26e7b4442f8b17b8178fc7b44e6720
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_armel.deb
Size/MD5: 118802 ee96894319dbf620dbf981a2493cefa0
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_armel.deb
Size/MD5: 328204 3a65c3fb55385716b19bbb6fce72ab07
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_powerpc.udeb
Size/MD5: 199526 1a984e2503c1a015134cf94e273b768a
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_powerpc.deb
Size/MD5: 264952 7a2139af6f6681dae88cd826c04ce61e
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_powerpc.deb
Size/MD5: 326646 8a1aaf899283814de8b8bcca6125576d
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_powerpc.deb
Size/MD5: 121952 90719742a1e133ae5edb9c5d6e72ad06
http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_powerpc.deb
Size/MD5: 384922 1cb9a8d40d9405b061b28cd2236d3acd
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_powerpc.deb
Size/MD5: 121542 81b420f37a81e5a05e5aadeaf1cb47c3
http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_powerpc.deb
Size/MD5: 336918 26cba2f6096556526ce2a64556f571e5
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201104-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0.5"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "4.1-esv"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.1.1"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.1.3"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0.6"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "4.2.1"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.1-esv"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "4.2.0"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.0.3"
},
{
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "3.1.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "internet consortium",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva s a",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": "airmac base station",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.6"
},
{
"model": "time capsule",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "dhcp client 4.0.1p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "dhcpd 3.0.2rc1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "dhcpd 4.0.1p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "time capsule",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "xenserver sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.6"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0.1"
},
{
"model": "dhcpd rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dhcp client 3.1.2p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.1"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "dhcp client 3.1-esv-r1",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "dhcpd rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "aura system manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "dhcpd rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "dhcp client 4.1.1-p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "dhcp client 4.1.0p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "dhcpd",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "4.1.1"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"model": "dhcpd",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "4.1"
},
{
"model": "dhcpd rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "dhcpd 4.0.2-p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "time capsule",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "dhcpd pl2",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "time capsule",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "time capsule",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "dhcpd",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "dhcp client b1",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "time capsule",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0"
},
{
"model": "dhcpd rc7",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "airport express base station with 802.11n",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "dhcpd rc11",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "dhcpd",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.1.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "dhcpd 4.2.1-p1",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "aura presence services",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "dhcp client 4.0.2-p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "message networking",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.5"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "dhcpd",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "dhcp client",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "4.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.1"
},
{
"model": "linux enterprise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "netbsd",
"version": null
},
{
"model": "dhcpd rc13",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.1"
},
{
"model": "time capsule",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "insight control for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"model": "airport express base station with 802.11n",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "airport express base station with 802.11n",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "ctpview 7.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "dhcpd rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "dhcpd 4.1-esv-r2",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "dhcpd 3.1-esv-r1",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "dhcp client 4.2.1-p1",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "dhcpd b2pl9",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "xenserver feature pack",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.61"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ip office application server",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "ctpview 7.3r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "dhcpd rc8",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dhcpd pl1",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "dhcp client b1pl14",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.6"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "dhcp client",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "4.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "dhcpd 4.1.1-p1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "dhcpd rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dhcp client b1pl17",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "dhcpd rc9",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.1"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "dhcp client",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "xenserver common criteria",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.6"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "dhcp client 4.1-esv-r2",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "dhcpd rc14",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dhcpd rc12",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "dhcpd 3.0.5b1",
"scope": null,
"trust": 0.3,
"vendor": "isc",
"version": null
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "dhcpd rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "dhcpd rc12",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "dhcpd rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "dhcpd b2pl23",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "3.0"
},
{
"model": "xenserver update",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.03"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "ctpview 7.1r3",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "ctpview 7.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "dhcpd",
"scope": "eq",
"trust": 0.3,
"vendor": "isc",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0"
},
{
"model": "4,0 beta",
"scope": null,
"trust": 0.3,
"vendor": "netbsd",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107886"
},
{
"db": "BID",
"id": "47176"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Krahmer and Marius Tomaschewski from the SUSE Security Team",
"sources": [
{
"db": "BID",
"id": "47176"
}
],
"trust": 0.3
},
"cve": "CVE-2011-0997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-0997",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0997",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#107886",
"trust": 0.8,
"value": "11.34"
},
{
"author": "VULMON",
"id": "CVE-2011-0997",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107886"
},
{
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine. Apple From Apple Time Capsule and AirPort Base Station (802.11n) Firmware update for has been released.Crafted DHCP Any command may be executed by processing the response. \nA remote attacker can exploit this issue through a rogue DHCP server. \n \n Additionally for Corporate Server 4 and Enterprise Server 5 ISC DHCP\n has been upgraded from the 3.0.7 version to the 4.1.2-P1 version\n which brings many enhancements such as better ipv6 support. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997\n http://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1-RELNOTES\n https://www.isc.org/software/dhcp/advisories/cve-2011-0997\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 0fe2b147ebdba8b68f69ddc27160db5c 2009.0/i586/dhcp-client-4.1.2-0.4mdv2009.0.i586.rpm\n f4ee7090da2bec5cb4482f2fa21beb8b 2009.0/i586/dhcp-common-4.1.2-0.4mdv2009.0.i586.rpm\n a4a5bd2f2d8f4d40a4c60d5dde55307c 2009.0/i586/dhcp-devel-4.1.2-0.4mdv2009.0.i586.rpm\n 814bc88e335fb03901f326300ae92961 2009.0/i586/dhcp-doc-4.1.2-0.4mdv2009.0.i586.rpm\n ec52571bb8002e9394b1eb6e6fc95b64 2009.0/i586/dhcp-relay-4.1.2-0.4mdv2009.0.i586.rpm\n e7fed43b5db92babf8ca3acbd7210b7f 2009.0/i586/dhcp-server-4.1.2-0.4mdv2009.0.i586.rpm \n 18489ac449e257f1fa9aad9e7a054b45 2009.0/SRPMS/dhcp-4.1.2-0.4mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n b557459f67de2b8ec481d313d9a26cb2 2009.0/x86_64/dhcp-client-4.1.2-0.4mdv2009.0.x86_64.rpm\n b4ea7a9670866fff6cd3f4eb77073a84 2009.0/x86_64/dhcp-common-4.1.2-0.4mdv2009.0.x86_64.rpm\n 4f9a9c9a9815697e17a65b942771e31d 2009.0/x86_64/dhcp-devel-4.1.2-0.4mdv2009.0.x86_64.rpm\n df18345c665846817880f815af0ad0e8 2009.0/x86_64/dhcp-doc-4.1.2-0.4mdv2009.0.x86_64.rpm\n eac313ff664e3ea9f8e4c3818d7b7387 2009.0/x86_64/dhcp-relay-4.1.2-0.4mdv2009.0.x86_64.rpm\n 48cca35591072588de0e1b9f00ca88eb 2009.0/x86_64/dhcp-server-4.1.2-0.4mdv2009.0.x86_64.rpm \n 18489ac449e257f1fa9aad9e7a054b45 2009.0/SRPMS/dhcp-4.1.2-0.4mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n 88ba2b9d0ccfddf8b1b6f516851d08ce 2010.0/i586/dhcp-client-4.1.2-0.4mdv2010.0.i586.rpm\n 1475209ee7b9fb9b7f26ad5b20afcdcf 2010.0/i586/dhcp-common-4.1.2-0.4mdv2010.0.i586.rpm\n ea29d2bfd21b02a56057cd36dc21f43a 2010.0/i586/dhcp-devel-4.1.2-0.4mdv2010.0.i586.rpm\n 067c3ac4f7530e447f82bbe4326253a3 2010.0/i586/dhcp-doc-4.1.2-0.4mdv2010.0.i586.rpm\n 409516cfb0004d5f4522040b81433ce7 2010.0/i586/dhcp-relay-4.1.2-0.4mdv2010.0.i586.rpm\n a23871dfa6632571cdf4a2559941ad89 2010.0/i586/dhcp-server-4.1.2-0.4mdv2010.0.i586.rpm \n 265c9ec68af7e23baf8b1b6fcc4cc64f 2010.0/SRPMS/dhcp-4.1.2-0.4mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 403dfe148141d926bc2f5e31c18360ba 2010.0/x86_64/dhcp-client-4.1.2-0.4mdv2010.0.x86_64.rpm\n 2cd0331b9935442a68d606e1d58b0608 2010.0/x86_64/dhcp-common-4.1.2-0.4mdv2010.0.x86_64.rpm\n 80a31ea430793ce9d2269c9d31aa03bd 2010.0/x86_64/dhcp-devel-4.1.2-0.4mdv2010.0.x86_64.rpm\n d5053dc644215e70dfc5380afdbc90c4 2010.0/x86_64/dhcp-doc-4.1.2-0.4mdv2010.0.x86_64.rpm\n 377fe3099561dd0a795617977164b91f 2010.0/x86_64/dhcp-relay-4.1.2-0.4mdv2010.0.x86_64.rpm\n 57b98ba8696c7a7d20ab96a823f4ff0d 2010.0/x86_64/dhcp-server-4.1.2-0.4mdv2010.0.x86_64.rpm \n 265c9ec68af7e23baf8b1b6fcc4cc64f 2010.0/SRPMS/dhcp-4.1.2-0.4mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 5b603213aa47a9772cf786ae6ee046da 2010.1/i586/dhcp-client-4.1.2-0.4mdv2010.2.i586.rpm\n 3046be07aaa09d1b39fcc8c07ef25e58 2010.1/i586/dhcp-common-4.1.2-0.4mdv2010.2.i586.rpm\n 1b5a481f6db0b53e666884cfda6ac44c 2010.1/i586/dhcp-devel-4.1.2-0.4mdv2010.2.i586.rpm\n 279beab531b59a715c946a00bd58fc48 2010.1/i586/dhcp-doc-4.1.2-0.4mdv2010.2.i586.rpm\n a328ab24b56f1ac03f8f420acd0a3806 2010.1/i586/dhcp-relay-4.1.2-0.4mdv2010.2.i586.rpm\n f7c61c55748270add2fe45d3245895c8 2010.1/i586/dhcp-server-4.1.2-0.4mdv2010.2.i586.rpm \n 30d4e8965d393765fb98b425889df126 2010.1/SRPMS/dhcp-4.1.2-0.4mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 27f78c74028b1ea64dbd596c05cfa83f 2010.1/x86_64/dhcp-client-4.1.2-0.4mdv2010.2.x86_64.rpm\n ab56614386900415fecba15f4c17db13 2010.1/x86_64/dhcp-common-4.1.2-0.4mdv2010.2.x86_64.rpm\n 535a2eb4b6a4b1f78f47201e0b4249c3 2010.1/x86_64/dhcp-devel-4.1.2-0.4mdv2010.2.x86_64.rpm\n 64e9bac6fe8f4dbee3e1aebd5d91e977 2010.1/x86_64/dhcp-doc-4.1.2-0.4mdv2010.2.x86_64.rpm\n 612892e71f2aeddfd8b55cd7ac220247 2010.1/x86_64/dhcp-relay-4.1.2-0.4mdv2010.2.x86_64.rpm\n 9bb46bca8de30ee4b99bfe09867a3924 2010.1/x86_64/dhcp-server-4.1.2-0.4mdv2010.2.x86_64.rpm \n 30d4e8965d393765fb98b425889df126 2010.1/SRPMS/dhcp-4.1.2-0.4mdv2010.2.src.rpm\n\n Corporate 4.0:\n f49d86732da26402b022b2d980049c03 corporate/4.0/i586/dhcp-client-4.1.2-0.4.20060mlcs4.i586.rpm\n acd985bc51c25cc42325befb357b0dcc corporate/4.0/i586/dhcp-common-4.1.2-0.4.20060mlcs4.i586.rpm\n c01506a802e46af23c8f10a72c6a0eb2 corporate/4.0/i586/dhcp-devel-4.1.2-0.4.20060mlcs4.i586.rpm\n 81522530fa5e97057d6eeea18ad7bec3 corporate/4.0/i586/dhcp-doc-4.1.2-0.4.20060mlcs4.i586.rpm\n 2ebfdf7ee9224b7403c4ab5e8370d9ab corporate/4.0/i586/dhcp-relay-4.1.2-0.4.20060mlcs4.i586.rpm\n c2bbacf8934b9e3dc78cdb49cd811ec9 corporate/4.0/i586/dhcp-server-4.1.2-0.4.20060mlcs4.i586.rpm \n ac3031a0c5dfeb6274aa28d669e66cba corporate/4.0/SRPMS/dhcp-4.1.2-0.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 2747bf835e111141b9a91dc320eeab43 corporate/4.0/x86_64/dhcp-client-4.1.2-0.4.20060mlcs4.x86_64.rpm\n 0c998112346a5da94e09d55c996d6dff corporate/4.0/x86_64/dhcp-common-4.1.2-0.4.20060mlcs4.x86_64.rpm\n fd38ef505da0c593ef900895abeb1ddc corporate/4.0/x86_64/dhcp-devel-4.1.2-0.4.20060mlcs4.x86_64.rpm\n 69b3d6cbf21c46828de40a322fd1310d corporate/4.0/x86_64/dhcp-doc-4.1.2-0.4.20060mlcs4.x86_64.rpm\n c5acb788ae76e674952d656fa9b0d1a5 corporate/4.0/x86_64/dhcp-relay-4.1.2-0.4.20060mlcs4.x86_64.rpm\n e19db50139a291a7acd23491af5f8d54 corporate/4.0/x86_64/dhcp-server-4.1.2-0.4.20060mlcs4.x86_64.rpm \n ac3031a0c5dfeb6274aa28d669e66cba corporate/4.0/SRPMS/dhcp-4.1.2-0.4.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 7cbe686b047a6fd6f95cda44669e5862 mes5/i586/dhcp-client-4.1.2-0.4mdvmes5.2.i586.rpm\n af8b9fe15591b76c11f2257e0cb43a37 mes5/i586/dhcp-common-4.1.2-0.4mdvmes5.2.i586.rpm\n 2a22a53e6de1a9333c36c5cc250c5ac4 mes5/i586/dhcp-devel-4.1.2-0.4mdvmes5.2.i586.rpm\n 9ca551145fc79919000a61419e72de37 mes5/i586/dhcp-doc-4.1.2-0.4mdvmes5.2.i586.rpm\n e9faa5fae712882720b107eb02e51f1f mes5/i586/dhcp-relay-4.1.2-0.4mdvmes5.2.i586.rpm\n 8568f3bac9dd6654b63ebee94c33275e mes5/i586/dhcp-server-4.1.2-0.4mdvmes5.2.i586.rpm \n 0e5415cf40dde2931cd1b81aada5e7f7 mes5/SRPMS/dhcp-4.1.2-0.4mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 87ae497e9b94fb842718b4fbefb55474 mes5/x86_64/dhcp-client-4.1.2-0.4mdvmes5.2.x86_64.rpm\n 71d70558972e1f0729513fce69183de2 mes5/x86_64/dhcp-common-4.1.2-0.4mdvmes5.2.x86_64.rpm\n 0f12150d87816bd1770388d8dc309d21 mes5/x86_64/dhcp-devel-4.1.2-0.4mdvmes5.2.x86_64.rpm\n 0450f2a86dab4988d1c96a8e9747104f mes5/x86_64/dhcp-doc-4.1.2-0.4mdvmes5.2.x86_64.rpm\n 6a043f417310b6229e8fb8d967c12a8d mes5/x86_64/dhcp-relay-4.1.2-0.4mdvmes5.2.x86_64.rpm\n e4281f48c410412f60fd33f095b9199c mes5/x86_64/dhcp-server-4.1.2-0.4mdvmes5.2.x86_64.rpm \n 0e5415cf40dde2931cd1b81aada5e7f7 mes5/SRPMS/dhcp-4.1.2-0.4mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFNotZnmqjQ0CJFipgRAsarAJ4zitKb2D4e53sOLX4vqvuPs5tLCACffyPE\nY8Ya7GFbhILVKuKTG+Ps+3k=\n=EXBX\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201301-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ISC DHCP: Denial of Service\n Date: January 09, 2013\n Bugs: #362453, #378799, #393617, #398763, #428120, #434880\n ID: 201301-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in ISC DHCP, the worst of\nwhich may allow remote Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/dhcp \u003c 4.2.4_p2 \u003e= 4.2.4_p2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ISC DHCP. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ISC DHCP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/dhcp-4.2.4_p2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0997\n[ 2 ] CVE-2011-2748\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2748\n[ 3 ] CVE-2011-2749\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2749\n[ 4 ] CVE-2011-4539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4539\n[ 5 ] CVE-2011-4868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4868\n[ 6 ] CVE-2012-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3570\n[ 7 ] CVE-2012-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3571\n[ 8 ] CVE-2012-3954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3954\n[ 9 ] CVE-2012-3955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3955\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nRelease Date: 2012-03-20\nLast Updated: 2012-03-20\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux). \n\nReferences: CVE-2011-3210, CVE-2011-3207, CVE-2011-1097, CVE-2011-0997, CVE-2011-0762, CVE-2010-4645\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control Software for Linux (IC-Linux) before v7.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2011-1097 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1\nCVE-2011-0997 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-0762 (AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0\nCVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP Insight Control Software for Linux (IC-Linux) v7.0 to resolve the vulnerabilities. IC-Linux v7.0 is available here:\n\nhttp://h18004.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html\n\nHISTORY\nVersion:1 (rev.1) - 20 March 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. This issue is addressed by stripping shell meta-characters\nin dhclient-script. \n\nIt is recommended that AirPort Utility 5.5.3 or later be installed\nbefore upgrading to Firmware version 7.6. ==========================================================================\nUbuntu Security Notice USN-1108-2\nApril 19, 2011\n\ndhcp3 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 9.10\n\nSummary:\n\nAn attacker\u0027s DHCP server could send crafted responses to your computer and\ncause it to run programs as root. Due to an error, the patch to fix\nthe vulnerability was not properly applied on Ubuntu 9.10 and higher. This\nupdate fixes the problem. \n\nOriginal advisory details:\n\n Sebastian Krahmer discovered that the dhclient utility incorrectly filtered\n crafted responses. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n dhcp3-client 3.1.3-2ubuntu6.2\n\nUbuntu 10.04 LTS:\n dhcp3-client 3.1.3-2ubuntu3.2\n\nUbuntu 9.10:\n dhcp3-client 3.1.2-1ubuntu7.3\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: dhcp security update\nAdvisory ID: RHSA-2011:0840-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-0840.html\nIssue date: 2011-05-31\nCVE Names: CVE-2011-0997 \n=====================================================================\n\n1. Summary:\n\nUpdated dhcp packages that fix one security issue are now available for\nRed Hat Enterprise Linux 3 Extended Life Cycle Support. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AS (v. 3 ELS) - i386\nRed Hat Enterprise Linux ES (v. 3 ELS) - i386\n\n3. Description:\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress. A malicious DHCP server could send such an option\nwith a specially-crafted value to a DHCP client. If this option\u0027s value was\nsaved on the client system, and then later insecurely evaluated by a\nprocess that assumes the option is trusted, it could lead to arbitrary code\nexecution with the privileges of that process. (CVE-2011-0997)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting this issue. \n\nAll dhclient users should upgrade to these updated packages, which contain\na backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n689832 - CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values\n\n6. Package List:\n\nRed Hat Enterprise Linux AS (v. 3 ELS):\n\nSource:\ndhcp-3.0.1-10.3_EL3.src.rpm\n\ni386:\ndhclient-3.0.1-10.3_EL3.i386.rpm\ndhcp-3.0.1-10.3_EL3.i386.rpm\ndhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm\ndhcp-devel-3.0.1-10.3_EL3.i386.rpm\n\nRed Hat Enterprise Linux ES (v. 3 ELS):\n\nSource:\ndhcp-3.0.1-10.3_EL3.src.rpm\n\ni386:\ndhclient-3.0.1-10.3_EL3.i386.rpm\ndhcp-3.0.1-10.3_EL3.i386.rpm\ndhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm\ndhcp-devel-3.0.1-10.3_EL3.i386.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-0997.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u0026lt;secalert@redhat.com\u0026gt;. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFN5QSLXlSAg2UNWIIRAsdVAJ9mkD7RcbzsYOkK8JnEQsRSeelYuwCeNmZd\nLdK24/RBkJXiFOiY5pI8Eig=\n=HTuE\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.diff.gz\n Size/MD5: 68426 b4a36d1b44e8276211cef0b9bfbb6ea5\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.dsc\n Size/MD5: 1428 2fe76544defdfa3d4ab61d548ea5bc03\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3.orig.tar.gz\n Size/MD5: 870240 f91416a0b8ed3fd0601688cf0b7df58f\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_amd64.deb\n Size/MD5: 221524 2cc3c7815cb6e6a2cc21d0c2a6286202\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_amd64.deb\n Size/MD5: 454060 4d6e00d001d85359af4777316c012038\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_amd64.deb\n Size/MD5: 131252 bf862b9ce2cc9888f9e617f42c0d8f77\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_amd64.deb\n Size/MD5: 321024 383390887daadd122e7e66a9896e0432\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_amd64.udeb\n Size/MD5: 177440 04a6bc2b53da66245b8b79b71d8f82ed\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_amd64.deb\n Size/MD5: 105842 9616c95d8f2d487fd330fb9b33c58474\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_i386.deb\n Size/MD5: 196930 ebaee96958395481e8c9c25a6591c1a3\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_i386.deb\n Size/MD5: 431162 6fec8eaee0c753e95193f507e3c2c1eb\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_i386.deb\n Size/MD5: 117544 76fd573dc96ade71033c31e9965a1ede\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_i386.deb\n Size/MD5: 289684 8d0c386dc142ca3e69766e26fa6ced00\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_i386.udeb\n Size/MD5: 152296 98cdda8ba797a8f3532e2db2c95f5329\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_i386.deb\n Size/MD5: 94176 369f369a8fd6b58df3e293a5264c8047\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_powerpc.deb\n Size/MD5: 203612 da623d9e1694169cfc1de56f2e0df6e4\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_powerpc.deb\n Size/MD5: 435818 a6f18c0a5083885f0f3ad270a52f1ea9\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_powerpc.deb\n Size/MD5: 130290 8ed50d04b1c91276b0bdf19b3cda3fcd\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_powerpc.deb\n Size/MD5: 297742 95b7742e4fb7c4720add03965ef51b45\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_powerpc.udeb\n Size/MD5: 158466 61e6403a4a5db1783c43fbfe6ad74e8c\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_powerpc.deb\n Size/MD5: 96696 a7d275b7895e47d8141fab29a3db415b\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_sparc.deb\n Size/MD5: 200826 04fe774f2349b12af88465a96a4443b4\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_sparc.deb\n Size/MD5: 434238 c71c8b52f5324385d13e3610e7bef30e\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_sparc.deb\n Size/MD5: 126784 ca67a9bd308dfb73bf85906f53e8ae6b\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_sparc.deb\n Size/MD5: 294084 628696dfa6a0c9a2713b7fde4390d700\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_sparc.udeb\n Size/MD5: 156068 907d41b490e6155c580b83cec96e3f71\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_sparc.deb\n Size/MD5: 96810 d1559518c2fc467cf6244ee8cd29176b\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.diff.gz\n Size/MD5: 97783 a2e0e7077df662a15c039c462ecd8e3d\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.dsc\n Size/MD5: 1537 ccf77a9747dc8cbc6b65e0d94ab9c43b\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg.orig.tar.gz\n Size/MD5: 724045 e89ef34005c576ddbb229e3b4478f6e2\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_amd64.udeb\n Size/MD5: 180140 9b8c326a22be742b43e2b8d9b07d4f86\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_amd64.deb\n Size/MD5: 242126 8053c2330e512d48f0318af10079c50a\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_amd64.deb\n Size/MD5: 300696 15bbfae5ba97f27d0c896b886773f02b\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_amd64.deb\n Size/MD5: 124032 82fe33e521c7ee08b7a00596acc8cb8d\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_amd64.deb\n Size/MD5: 342596 40acd4d59e72be79a5c930254bee0223\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_amd64.deb\n Size/MD5: 114396 5e5c7a86cec5ef70f927cbf53fffec4d\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_i386.udeb\n Size/MD5: 159988 7c2cd082adad4cdae500b88b9429ea24\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_i386.deb\n Size/MD5: 221966 92748d084525779ad31fe09ae76ca8d5\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_i386.deb\n Size/MD5: 281564 0e64a350c9599b473f42949dbaa44533\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_i386.deb\n Size/MD5: 109818 5ef8d14534865cdf0b63699e54ab684a\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_i386.deb\n Size/MD5: 318748 205746468ea8d58f1babe96c28f46983\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_i386.deb\n Size/MD5: 103376 15e19ab3867304e29f59f3e97170f145\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_lpia.udeb\n Size/MD5: 158248 1ce010480a0ea9a1a8683995ab5c9b68\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_lpia.deb\n Size/MD5: 220236 d0c1551dde51da5503fe3be6288a23bb\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_lpia.deb\n Size/MD5: 279790 cf35fa8aaca649fd85366e684628a580\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_lpia.deb\n Size/MD5: 109062 d1ff75192f05906028ac9001483529da\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_lpia.deb\n Size/MD5: 316576 6f95deb3879a7c38c0f9cd1ba1ff0228\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_lpia.deb\n Size/MD5: 102310 d4b1c32f8c1d1a6383fc09580e46ec79\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_powerpc.udeb\n Size/MD5: 177278 29a10d5d08bc3797b67770a4028758ff\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_powerpc.deb\n Size/MD5: 242046 27324a8f5623a94ff813148a5267fb4b\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_powerpc.deb\n Size/MD5: 296498 4b8af066dc6c2481e4ff360800c04e74\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_powerpc.deb\n Size/MD5: 122548 9ad8db4fbd23f1760d1bc123b01f014b\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_powerpc.deb\n Size/MD5: 341860 28075deaecbdc1d77166dcb1623a8c85\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_powerpc.deb\n Size/MD5: 112934 766413326d6486146da4aec03a2654bc\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_sparc.udeb\n Size/MD5: 156574 742d54969d6dd68e7ac86ca00e1b1832\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_sparc.deb\n Size/MD5: 218754 60013fe472200e1bf45d9b02d80a244e\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_sparc.deb\n Size/MD5: 277066 bf1034124c51ddacf732c2887957a46e\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_sparc.deb\n Size/MD5: 113494 b50639e27d92c0ababba9fab23242d7d\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_sparc.deb\n Size/MD5: 313426 b93d5ec9d7ea9717a79d6bf2bb80a285\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_sparc.deb\n Size/MD5: 102930 df99654fbd9e6f5aba7f962adb9d6470\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.diff.gz\n Size/MD5: 141611 0cab5bee752928f3c9f0c8e1ded26167\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.dsc\n Size/MD5: 1955 a26905456538cd0d30e924e488302fc4\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2.orig.tar.gz\n Size/MD5: 799626 85901a9554650030df7d1ef3e5959fdf\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.2-1ubuntu7.2_all.deb\n Size/MD5: 26206 905e286082551fcbc23916052de7e2fa\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_amd64.udeb\n Size/MD5: 208604 5bb8643607d5f416205174f97d443e8e\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_amd64.deb\n Size/MD5: 270930 fa0267775f2471f0be30499bf121b6e7\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_amd64.deb\n Size/MD5: 332152 ee101e67b7ad97bd410e983da115484d\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_amd64.deb\n Size/MD5: 127130 0d4b4a1dc992d56f8c01d94990290910\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_amd64.deb\n Size/MD5: 395062 a5ab658903283a97dd658e5cdfe6a45e\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_amd64.deb\n Size/MD5: 125444 6f12bfb86b46567aa8e2ecba8af1852e\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_amd64.deb\n Size/MD5: 348242 8fe33e4a7afac6d5a952d0c158d7ed45\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_i386.udeb\n Size/MD5: 191210 64285abd7e68c517eefcf3ff5eecb909\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_i386.deb\n Size/MD5: 252916 749769cec2a5d0cdfe5ddb67e6864270\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_i386.deb\n Size/MD5: 315850 e0deb4932a763831adc3e73cf0f068fa\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_i386.deb\n Size/MD5: 116650 434d9e26a1b3b5a4b5fd94bea2c581b4\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_i386.deb\n Size/MD5: 372288 481d9d80e948895969b72be4b825fbb8\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_i386.deb\n Size/MD5: 116424 49010850bef64719353588c5d88e6714\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_i386.deb\n Size/MD5: 326174 7f328cba4c811d5d56582328f1ad6b1d\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_armel.udeb\n Size/MD5: 174400 4ed674aa3f13c4c4012def78b6cfd62f\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_armel.deb\n Size/MD5: 236228 c14a8f75dc70e363afb2e39b9b6c9b68\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_armel.deb\n Size/MD5: 300026 8183f7371713d8ddc8bd2b8f8d979794\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_armel.deb\n Size/MD5: 112806 41dcceea5abd7feac4f1f7465b3892b7\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_armel.deb\n Size/MD5: 349366 ea2f47d49b065c252caeb33d9d273363\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_armel.deb\n Size/MD5: 108672 f277fadf0e50c5325b20f8001f30108a\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_armel.deb\n Size/MD5: 301210 76887fde4612e80131c94a00b328a874\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_lpia.udeb\n Size/MD5: 187330 e70af0ba0633b7a10c666f2f2e30b017\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_lpia.deb\n Size/MD5: 249154 bde848f0444ac204f0781d848771b2e7\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_lpia.deb\n Size/MD5: 312056 e131e50d9159fb5a7cf92bd7532c6d5b\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_lpia.deb\n Size/MD5: 115610 6bf9bc6ccc3986f7bda77f6e0929bd2b\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_lpia.deb\n Size/MD5: 368276 a5d4ce07f31b702817fb3d3961fd8a7b\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_lpia.deb\n Size/MD5: 114588 d030b6a51bf6eb1b682c88fcfc92cdda\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_lpia.deb\n Size/MD5: 321710 5c51aac0b4ea78167072cce854d63f47\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_powerpc.udeb\n Size/MD5: 199998 aff548b71963695089f418a502bc5e01\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_powerpc.deb\n Size/MD5: 262344 a4799a7b4c6d6d91120ef36537485080\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_powerpc.deb\n Size/MD5: 324014 c6be94d8dda2d47ea08c3f1277160eda\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_powerpc.deb\n Size/MD5: 120394 4b35e8aa5a363a659daa6232a0a76501\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_powerpc.deb\n Size/MD5: 382434 9c71333d4f8ccc12d14996fa42ba60b7\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_powerpc.deb\n Size/MD5: 120310 32c5affaeb955349a26cae2bd9c92236\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_powerpc.deb\n Size/MD5: 335902 5460f8f32a30489940cf69855983ed3c\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_sparc.udeb\n Size/MD5: 203458 038c030a32c3d74e3d20cb4f8eaf5336\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_sparc.deb\n Size/MD5: 265862 67e06c4f7f5352a3248060245f41837c\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_sparc.deb\n Size/MD5: 324634 873eeaf81f86f69e1de8f2c9c2335fda\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_sparc.deb\n Size/MD5: 116874 4583b6c0cd5cf6abf8fc81ae1c5656a2\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_sparc.deb\n Size/MD5: 387388 d31379a7fe21d36761ce6d6e01d51ba7\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_sparc.deb\n Size/MD5: 121616 62ed8721ad7cfe9f45448c321be12340\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_sparc.deb\n Size/MD5: 341160 9e72b31fccc6ca7d33fcf814f7cca8be\n\nUpdated packages for Ubuntu 10.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.diff.gz\n Size/MD5: 145049 762c8d99c1e8e1245830ff0cfc9c22cf\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.dsc\n Size/MD5: 1950 6fc0ed0a5f2f2897b25cb127fdf599bb\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3.orig.tar.gz\n Size/MD5: 804097 6ee8af8b283c95b3b4db5e88b6dd9a26\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu3.1_all.deb\n Size/MD5: 27294 5873371bf57e765fd69a49ab238f7f5f\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_amd64.udeb\n Size/MD5: 208924 47388e6df5a8a88758f893f0157f7a49\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_amd64.deb\n Size/MD5: 273438 3e968127e7212b682e23422ccd498a51\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_amd64.deb\n Size/MD5: 335524 c2231ce6ce81fa1a61f33b50879ea8e7\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_amd64.deb\n Size/MD5: 127748 31baa39d20b53e7200b146bb5e1dbc7a\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_amd64.deb\n Size/MD5: 396594 05f2652d1223dbbf59bcfdb86503ec81\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_amd64.deb\n Size/MD5: 126830 2017ee773f9e4c4136e6604003978a72\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_amd64.deb\n Size/MD5: 349758 3a07e9f0c5b36e05024e98f2e01e7a36\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_i386.udeb\n Size/MD5: 191468 7efe2e4b59392afda8ef1c8d69aa04cd\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_i386.deb\n Size/MD5: 256600 1b24883c7ee056fcbcda20cc1d82673e\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_i386.deb\n Size/MD5: 318512 8ad3080333f5d86ad40548de9cfced43\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_i386.deb\n Size/MD5: 118816 c679db32ae992ca9f6fc5473e81df94a\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_i386.deb\n Size/MD5: 376744 e3b708777fcd15c84240e43bf08b5d7e\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_i386.deb\n Size/MD5: 117698 b0dfb728d6d9f69c9af3910744b1fbb8\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_i386.deb\n Size/MD5: 328168 617edc965494055443d2c43326c411d7\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_armel.udeb\n Size/MD5: 180926 3969ae580d52c38b45d63ac388cbbe4d\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_armel.deb\n Size/MD5: 246116 4956ee0ca5be72ee8ece1cd89ccf5082\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_armel.deb\n Size/MD5: 309348 c8567f86659a5670b6c7167a106bf71a\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_armel.deb\n Size/MD5: 115350 023f49615f6ca0a8f2367e816921fa8d\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_armel.deb\n Size/MD5: 361242 b8e92e0d7ee35dccf62349627513b3d5\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_armel.deb\n Size/MD5: 113136 ecc1eca1107bf3d2a85145c87800f0a9\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_armel.deb\n Size/MD5: 314078 a09784b9e5545593b771e8db596b70ad\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_powerpc.udeb\n Size/MD5: 200432 0db5e288252f7cec9511aeedd6328a87\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_powerpc.deb\n Size/MD5: 265410 78eb3d25b509d5d3669a33bf8603b0df\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_powerpc.deb\n Size/MD5: 327180 9d47f9f6bd35ebd5e53e68ff8cf27473\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_powerpc.deb\n Size/MD5: 121552 7d955d50534795154e471aea30341fe1\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_powerpc.deb\n Size/MD5: 385370 dd7f5ffd85a725a8cb4f8fe6a067d0bb\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_powerpc.deb\n Size/MD5: 121446 0ccdd1ca74fcd96be84596ce324f967e\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_powerpc.deb\n Size/MD5: 337410 54549752057dc73a3e35a158b871ea36\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_sparc.udeb\n Size/MD5: 212712 be3c531c2fffd6ad83501e44015a3532\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_sparc.deb\n Size/MD5: 277974 5a9ee5790cc705c845cd085c71d001b5\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_sparc.deb\n Size/MD5: 335174 22b404e90f206772c786f968392ecef1\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_sparc.deb\n Size/MD5: 121764 97643d01dd5dd3eb06859cb881312e6d\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_sparc.deb\n Size/MD5: 402564 889e3a0882bebb5b4ceb4df3c805d883\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_sparc.deb\n Size/MD5: 126888 546ab5281e2ba4672471a30fce814e36\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_sparc.deb\n Size/MD5: 353712 64fcbf89ca8fd7af9aa2a9bd66739170\n\nUpdated packages for Ubuntu 10.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.diff.gz\n Size/MD5: 151417 604106743c8429a59b9b8af55de854f7\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.dsc\n Size/MD5: 1962 792f947b2a6c3020c45ca1b56771c77e\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3.orig.tar.gz\n Size/MD5: 804097 6ee8af8b283c95b3b4db5e88b6dd9a26\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu6.1_all.deb\n Size/MD5: 27778 319b0ce429e455b13a2248cc2cbe3491\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_amd64.udeb\n Size/MD5: 208588 f4d4d2a63016b2b9960654be7c04b9c5\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_amd64.deb\n Size/MD5: 274192 4005626ae7c8ed06bf15a1e014968ebd\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_amd64.deb\n Size/MD5: 335392 3f745248ea2b2c54e1771f1789cd13dc\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_amd64.deb\n Size/MD5: 128922 dc2dd29ead86d887a22da63f27ae9692\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_amd64.deb\n Size/MD5: 398270 ffd780e99cb19cc3884703ec930a68cb\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_amd64.deb\n Size/MD5: 126752 a4d3f03e0855ce6ef4cf6a75f33198d1\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_amd64.deb\n Size/MD5: 349942 430e5e501488da92c3b4e2f2a685912a\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_i386.udeb\n Size/MD5: 190312 23ced3137d0e056d9ce13dd41e656af3\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_i386.deb\n Size/MD5: 255768 07cfc1c5db7b6d8585e9a00513699049\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_i386.deb\n Size/MD5: 317854 f9a58ae40c5f2645e17e2a9349f07edf\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_i386.deb\n Size/MD5: 119094 9af94d26ecd3ce03c9d059ab8db5ff46\n http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_i386.deb\n Size/MD5: 376052 2dd5ab42f28d13baab1d332c92fcdbcf\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_i386.deb\n Size/MD5: 117472 9638997daef5f353621a3adea0f054d5\n http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_i386.deb\n Size/MD5: 327368 93d8a202391be7d55484901a7fa00f09\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_armel.udeb\n Size/MD5: 191162 ea1961dc40672d12302dcb3e0ae62c44\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_armel.deb\n Size/MD5: 256344 fd6d84d8ca333a1e0cc0efc4c26df7cb\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_armel.deb\n Size/MD5: 319110 4ed5fb07ce8a4997c1132f96e4c29e39\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_armel.deb\n Size/MD5: 118586 ade0a8cfa1217ae39ff58bea47e4faa0\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_armel.deb\n Size/MD5: 377976 7f26e7b4442f8b17b8178fc7b44e6720\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_armel.deb\n Size/MD5: 118802 ee96894319dbf620dbf981a2493cefa0\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_armel.deb\n Size/MD5: 328204 3a65c3fb55385716b19bbb6fce72ab07\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_powerpc.udeb\n Size/MD5: 199526 1a984e2503c1a015134cf94e273b768a\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_powerpc.deb\n Size/MD5: 264952 7a2139af6f6681dae88cd826c04ce61e\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_powerpc.deb\n Size/MD5: 326646 8a1aaf899283814de8b8bcca6125576d\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_powerpc.deb\n Size/MD5: 121952 90719742a1e133ae5edb9c5d6e72ad06\n http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_powerpc.deb\n Size/MD5: 384922 1cb9a8d40d9405b061b28cd2236d3acd\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_powerpc.deb\n Size/MD5: 121542 81b420f37a81e5a05e5aadeaf1cb47c3\n http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_powerpc.deb\n Size/MD5: 336918 26cba2f6096556526ce2a64556f571e5\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0997"
},
{
"db": "CERT/CC",
"id": "VU#107886"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"db": "BID",
"id": "47176"
},
{
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"db": "PACKETSTORM",
"id": "100277"
},
{
"db": "PACKETSTORM",
"id": "119354"
},
{
"db": "PACKETSTORM",
"id": "111029"
},
{
"db": "PACKETSTORM",
"id": "106987"
},
{
"db": "PACKETSTORM",
"id": "100583"
},
{
"db": "PACKETSTORM",
"id": "101866"
},
{
"db": "PACKETSTORM",
"id": "100298"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#107886",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2011-0997",
"trust": 2.9
},
{
"db": "JUNIPER",
"id": "JSA10761",
"trust": 1.4
},
{
"db": "BID",
"id": "47176",
"trust": 1.4
},
{
"db": "VUPEN",
"id": "ADV-2011-1000",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0909",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0915",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0926",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0965",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0879",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0886",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44103",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44127",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44037",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44048",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44180",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44089",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44090",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1025300",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "71493",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "37623",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2011-0997",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100277",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119354",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111029",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100298",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107886"
},
{
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"db": "BID",
"id": "47176"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"db": "PACKETSTORM",
"id": "100277"
},
{
"db": "PACKETSTORM",
"id": "119354"
},
{
"db": "PACKETSTORM",
"id": "111029"
},
{
"db": "PACKETSTORM",
"id": "106987"
},
{
"db": "PACKETSTORM",
"id": "100583"
},
{
"db": "PACKETSTORM",
"id": "101866"
},
{
"db": "PACKETSTORM",
"id": "100298"
},
{
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"id": "VAR-201104-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41252741
},
"last_update_date": "2024-07-23T21:30:23.564000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5005",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5005"
},
{
"title": "Debian CVElist Bug Report Logs: isc-dhcp-client: CVE-2011-0997",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a3bf1099a3f6410da5cb17491cb28710"
},
{
"title": "Ubuntu Security Notice: dhcp3 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1108-2"
},
{
"title": "Ubuntu Security Notice: dhcp3 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1108-1"
},
{
"title": "Debian Security Advisories: DSA-2216-1 isc-dhcp -- missing input sanitization",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9079594e67dfba2ce5fd90c652ce64af"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2011-2716 udhcpc insufficient checking of DHCP options",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d937c5addcd54815f7f0480b4b3a55e2"
},
{
"title": "VMware Security Advisories: VMware ESX third party updates for Service Console packages glibc and dhcp",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=386db0c9014e75eeed9029418ea6714f"
},
{
"title": "Citrix Security Bulletins: Archive: Citrix XenServer Multiple Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=30a988053a9b9c888e66371d7b3040f2"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-rce-bug-avaya-voip-phones/147122/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/avaya-voip-phones-harbored-10-year-old-vulnerability/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.kb.cert.org/vuls/id/107886"
},
{
"trust": 1.5,
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
},
{
"trust": 1.2,
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057888.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/058279.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44037"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44048"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44089"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44090"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44103"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44127"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44180"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1025300"
},
{
"trust": 1.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2011/dsa-2216"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2011/dsa-2217"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:073"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/71493"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0428.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0840.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/47176"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-1108-1"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0879"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0886"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0909"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0915"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0926"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0965"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/1000"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12812"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/37623/"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0997"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "https://jvn.jp/cert/jvnvu107886/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/cert/jvnvu309451/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0997"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0997"
},
{
"trust": 0.3,
"url": "http://lists.apple.com/archives/security-announce/2011/nov/msg00002.html"
},
{
"trust": 0.3,
"url": "https://www.isc.org/software/dhcp"
},
{
"trust": 0.3,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100143367"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx130325"
},
{
"trust": 0.3,
"url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2011-005.txt.asc"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000142.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621099"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-2011-0428"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1108-2/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://ftp.isc.org/isc/dhcp/dhcp-4.1.2-p1-relnotes"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2748"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3955"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3571"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3570"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4539"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2749"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3955"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2748"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.1,
"url": "http://h18004.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4645"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu6.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dhcp3/3.1.2-1ubuntu7.3"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0997.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0840.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.2-1ubuntu7.2_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.3-6ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.3-6ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu3.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.2-1ubuntu7.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.3-6ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu3.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.0.6.dfsg-1ubuntu9.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.2-1ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.0.3-6ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.0.6.dfsg-1ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu6.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.2-1ubuntu7.2_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.0.6.dfsg-1ubuntu9.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu6.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu3.1_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-server_3.1.2-1ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu6.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu3.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu3.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.2-1ubuntu7.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.6.dfsg-1ubuntu9.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.0.3-6ubuntu7.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.0.6.dfsg-1ubuntu9.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.3-2ubuntu6.1_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu3.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp-client_3.1.3-2ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.1.3-2ubuntu3.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.6.dfsg-1ubuntu9.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-client-udeb_3.0.3-6ubuntu7.2_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-client-udeb_3.1.2-1ubuntu7.2_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-common_3.1.3-2ubuntu6.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-client_3.1.3-2ubuntu3.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-relay_3.1.3-2ubuntu6.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3-dev_3.1.3-2ubuntu6.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-dev_3.0.6.dfsg-1ubuntu9.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/d/dhcp3/dhcp3-relay_3.1.2-1ubuntu7.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/d/dhcp3/dhcp3_3.0.3-6ubuntu7.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp3/dhcp3-server-ldap_3.1.3-2ubuntu6.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-common_3.1.2-1ubuntu7.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/d/dhcp3/dhcp3-server_3.1.3-2ubuntu3.1_powerpc.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107886"
},
{
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"db": "BID",
"id": "47176"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"db": "PACKETSTORM",
"id": "100277"
},
{
"db": "PACKETSTORM",
"id": "119354"
},
{
"db": "PACKETSTORM",
"id": "111029"
},
{
"db": "PACKETSTORM",
"id": "106987"
},
{
"db": "PACKETSTORM",
"id": "100583"
},
{
"db": "PACKETSTORM",
"id": "101866"
},
{
"db": "PACKETSTORM",
"id": "100298"
},
{
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#107886"
},
{
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"db": "BID",
"id": "47176"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"db": "PACKETSTORM",
"id": "100277"
},
{
"db": "PACKETSTORM",
"id": "119354"
},
{
"db": "PACKETSTORM",
"id": "111029"
},
{
"db": "PACKETSTORM",
"id": "106987"
},
{
"db": "PACKETSTORM",
"id": "100583"
},
{
"db": "PACKETSTORM",
"id": "101866"
},
{
"db": "PACKETSTORM",
"id": "100298"
},
{
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-04-05T00:00:00",
"db": "CERT/CC",
"id": "VU#107886"
},
{
"date": "2011-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"date": "2011-04-05T00:00:00",
"db": "BID",
"id": "47176"
},
{
"date": "2011-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"date": "2011-04-11T15:09:06",
"db": "PACKETSTORM",
"id": "100277"
},
{
"date": "2013-01-09T02:26:37",
"db": "PACKETSTORM",
"id": "119354"
},
{
"date": "2012-03-21T01:19:12",
"db": "PACKETSTORM",
"id": "111029"
},
{
"date": "2011-11-15T05:14:36",
"db": "PACKETSTORM",
"id": "106987"
},
{
"date": "2011-04-19T19:28:20",
"db": "PACKETSTORM",
"id": "100583"
},
{
"date": "2011-06-01T06:03:01",
"db": "PACKETSTORM",
"id": "101866"
},
{
"date": "2011-04-12T00:00:41",
"db": "PACKETSTORM",
"id": "100298"
},
{
"date": "2011-04-08T15:17:27.387000",
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-06T00:00:00",
"db": "CERT/CC",
"id": "VU#107886"
},
{
"date": "2020-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0997"
},
{
"date": "2016-10-26T09:06:00",
"db": "BID",
"id": "47176"
},
{
"date": "2011-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003066"
},
{
"date": "2020-04-01T13:07:53.590000",
"db": "NVD",
"id": "CVE-2011-0997"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "47176"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISC dhclient vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#107886"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "47176"
}
],
"trust": 0.3
}
}