Executive Summary

Information
Name: MDVSA-2011:182
First vendor publication: 2011-12-08
Vendor: Mandriva
Last vendor modification: 2011-12-08
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Base Score: 5
Attack Range: Network
CVSS Impact Score: 2.9
Attack Complexity: Low
CVSS Exploit Score: 10
Authentication: None Required

Detail

A vulnerability has been discovered and corrected in dhcp:

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet (CVE-2011-4539).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:182

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:14778
Title: USN-1309-1 -- DHCP vulnerability
Description: isc-dhcp: DHCP server and client. DHCP could be made to crash if it received specially crafted network traffic.
Family: unix
Class: patch
Reference(s): USN-1309-1, CVE-2011-4539
Version: 5
Platform(s): Ubuntu 11.04, Ubuntu 11.10
Product(s): DHCP
 
Oval ID: oval:org.mitre.oval:def:22104
Title: RHSA-2011:1819: dhcp security update (Moderate)
Description: dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
Family: unix
Class: patch
Reference(s): RHSA-2011:1819-01, CESA-2011:1819, CVE-2011-4539
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): dhcp
 
Oval ID: oval:org.mitre.oval:def:23611
Title: ELSA-2011:1819: dhcp security update (Moderate)
Description: dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
Family: unix
Class: patch
Reference(s): ELSA-2011:1819-01, CVE-2011-4539
Version: 6
Platform(s): Oracle Linux 6
Product(s): dhcp
 
Oval ID: oval:org.mitre.oval:def:27859
Title: DEPRECATED: ELSA-2011-1819 -- dhcp security update (moderate)
Description: [12:4.1.1-25.P1.1] - DoS due to processing certain regular expressions (CVE-2011-4539, #765682)
Family: unix
Class: patch
Reference(s): ELSA-2011-1819, CVE-2011-4539
Version: 4
Platform(s): Oracle Linux 6
Product(s): dhcp

CPE : Common Platform Enumeration

Type Description Count
Application 35
Os 2
Os 2

OpenVAS Exploits

Date Description
2012-10-23 Name : Fedora Update for dhcp FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_dhcp_fc16.nasl
2012-10-03 Name : Fedora Update for dhcp FEDORA-2012-14076
File : nvt/gb_fedora_2012_14076_dhcp_fc16.nasl
2012-09-10 Name : Slackware Advisory SSA:2012-237-01 dhcp
File : nvt/esoft_slk_ssa_2012_237_01.nasl
2012-08-10 Name : Debian Security Advisory DSA 2519-1 (isc-dhcp)
File : nvt/deb_2519_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2519-2 (isc-dhcp)
File : nvt/deb_2519_2.nasl
2012-08-09 Name : Fedora Update for dhcp FEDORA-2012-11110
File : nvt/gb_fedora_2012_11110_dhcp_fc16.nasl
2012-07-30 Name : CentOS Update for dhclient CESA-2011:1819 centos6
File : nvt/gb_CESA-2011_1819_dhclient_centos6.nasl
2012-07-09 Name : RedHat Update for dhcp RHSA-2011:1819-01
File : nvt/gb_RHSA-2011_1819-01_dhcp.nasl
2012-04-02 Name : Fedora Update for dhcp FEDORA-2011-16981
File : nvt/gb_fedora_2011_16981_dhcp_fc16.nasl
2012-04-02 Name : Fedora Update for dhcp FEDORA-2012-0490
File : nvt/gb_fedora_2012_0490_dhcp_fc16.nasl
2012-01-09 Name : Fedora Update for dhcp FEDORA-2011-16976
File : nvt/gb_fedora_2011_16976_dhcp_fc15.nasl
2011-12-16 Name : Ubuntu Update for isc-dhcp USN-1309-1
File : nvt/gb_ubuntu_USN_1309_1.nasl
2011-12-09 Name : Mandriva Update for dhcp MDVSA-2011:182 (dhcp)
File : nvt/gb_mandriva_MDVSA_2011_182.nasl
0000-00-00 Name : FreeBSD Ports: isc-dhcp42-server
File : nvt/freebsd_isc-dhcp42-server.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77584 ISC DHCP Regular Expressions dhcpd.conf DHCP Request Packet Parsing Remote DoS

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_isc-dhcp_20120404.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1850.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_dhcp-111209.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_dhcp-111209.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-71.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2011-68.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-31.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1819.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-06.nasl - Type : ACT_GATHER_INFO
2012-08-27 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2012-237-01.nasl - Type : ACT_GATHER_INFO
2012-08-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2519.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111214_dhcp_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16976.nasl - Type : ACT_GATHER_INFO
2011-12-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1819.nasl - Type : ACT_GATHER_INFO
2011-12-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1309-1.nasl - Type : ACT_GATHER_INFO
2011-12-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1819.nasl - Type : ACT_GATHER_INFO
2011-12-15 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16981.nasl - Type : ACT_GATHER_INFO
2011-12-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-182.nasl - Type : ACT_GATHER_INFO
2011-12-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_93be487e211f11e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:42:36
  • Multiple Updates