Executive Summary

Information
Name: CVE-2011-0413
First vendor Publication: 2011-01-31
Vendor: Cve
Last vendor Modification: 2020-04-01

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score: 7.8
Cvss Impact Score: 6.9
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12965
 
Oval ID: oval:org.mitre.oval:def:12965
Title: DSA-2184-1 isc-dhcp -- denial of service
Description: It was discovered that the ISC DHCPv6 server does not correctly process requests which come from unexpected source addresses, leading to an assertion failure and a daemon crash. The oldstable distribution is not affected by this problem.
Family: unix
Class: patch
Reference(s): DSA-2184-1, CVE-2011-0413
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): isc-dhcp
Definition Id: oval:org.mitre.oval:def:21503
 
Oval ID: oval:org.mitre.oval:def:21503
Title: RHSA-2011:0256: dhcp security update (Moderate)
Description: The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
Family: unix
Class: patch
Reference(s): RHSA-2011:0256-01, CVE-2011-0413
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): dhcp
Definition Id: oval:org.mitre.oval:def:23094
 
Oval ID: oval:org.mitre.oval:def:23094
Title: ELSA-2011:0256: dhcp security update (Moderate)
Description: The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
Family: unix
Class: patch
Reference(s): ELSA-2011:0256-01, CVE-2011-0413
Version: 6
Platform(s): Oracle Linux 6
Product(s): dhcp
Definition Id: oval:org.mitre.oval:def:28156
 
Oval ID: oval:org.mitre.oval:def:28156
Title: DEPRECATED: ELSA-2011-0256 -- dhcp security update (moderate)
Description: [12:4.1.1-12.P1.2] - CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672994)
Family: unix
Class: patch
Reference(s): ELSA-2011-0256, CVE-2011-0413
Version: 4
Platform(s): Oracle Linux 6
Product(s): dhcp

CPE : Common Platform Enumeration

Type Description Count
Application 29

OpenVAS Exploits

Date Description
2012-06-05 Name : RedHat Update for dhcp RHSA-2011:0256-01
File : nvt/gb_RHSA-2011_0256-01_dhcp.nasl
2011-09-12 Name : Fedora Update for dhcp FEDORA-2011-10705
File : nvt/gb_fedora_2011_10705_dhcp_fc14.nasl
2011-04-21 Name : Fedora Update for dhcp FEDORA-2011-0848
File : nvt/gb_fedora_2011_0848_dhcp_fc13.nasl
2011-04-19 Name : Fedora Update for dhcp FEDORA-2011-4897
File : nvt/gb_fedora_2011_4897_dhcp_fc14.nasl
2011-03-09 Name : Debian Security Advisory DSA 2184-1 (isc-dhcp)
File : nvt/deb_2184_1.nasl
2011-03-05 Name : FreeBSD Ports: isc-dhcp41-server
File : nvt/freebsd_isc-dhcp41-server0.nasl
2011-02-11 Name : Mandriva Update for dhcp MDVSA-2011:022 (dhcp)
File : nvt/gb_mandriva_MDVSA_2011_022.nasl
2011-02-04 Name : Fedora Update for dhcp FEDORA-2011-0862
File : nvt/gb_fedora_2011_0862_dhcp_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70680 ISC DHCP DHCPv6 Message Declined Address Remote DoS

ISC DHCP contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs while processing a previously declined address's DHCPv6 messages, which may be exploited to cause an assertion failure denial of service.

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_dhcp-110203.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0256.nasl - Type : ACT_GATHER_INFO
2011-04-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0848.nasl - Type : ACT_GATHER_INFO
2011-03-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2184.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0256.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-022.nasl - Type : ACT_GATHER_INFO
2011-02-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0862.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_dc9f83352b3b11e0a91b00e0815b8da8.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/46035
CERT-VN http://www.kb.cert.org/vuls/id/686084
CONFIRM http://www.isc.org/software/dhcp/advisories/cve-2011-0413
https://kb.isc.org/article/AA-00456
DEBIAN http://www.debian.org/security/2011/dsa-2184
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-February/05364...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:022
OSVDB http://www.osvdb.org/70680
REDHAT http://www.redhat.com/support/errata/RHSA-2011-0256.html
SECTRACK http://securitytracker.com/id?1024999
SECUNIA http://secunia.com/advisories/43006
http://secunia.com/advisories/43104
http://secunia.com/advisories/43167
http://secunia.com/advisories/43354
http://secunia.com/advisories/43613
VUPEN http://www.vupen.com/english/advisories/2011/0235
http://www.vupen.com/english/advisories/2011/0266
http://www.vupen.com/english/advisories/2011/0300
http://www.vupen.com/english/advisories/2011/0400
http://www.vupen.com/english/advisories/2011/0583
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/64959

Alert History

Date Information
2021-05-04 12:15:22
  • Multiple Updates
2021-04-22 01:16:56
  • Multiple Updates
2020-05-23 00:27:39
  • Multiple Updates
2017-08-17 09:23:15
  • Multiple Updates
2016-11-30 09:24:18
  • Multiple Updates
2016-06-28 18:31:08
  • Multiple Updates
2016-04-26 20:29:58
  • Multiple Updates
2014-06-14 13:30:06
  • Multiple Updates
2014-02-17 10:59:58
  • Multiple Updates
2013-05-10 22:53:14
  • Multiple Updates