Executive Summary
Summary | |
---|---|
Title | ISC DHCP server vulnerability |
Information | |||
---|---|---|---|
Name | VU#159528 | First vendor Publication | 2010-12-13 |
Vendor | VU-CERT | Last vendor Modification | 2010-12-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#159528
ISC DHCP server vulnerability
Overview
The ISC DHCP server contains a vulnerability that could allow a remote attacker to cause a denial of service.
I. Description
According to ISC:
If a TCP connection is established to the server on a port which has been configured for communication with a failover peer, this can cause it to become non-responsive to all normal DHCP protocol traffic. The server will progress to a communications-interrupted state - but in addition will also cease to provide DHCP services to clients. The server must be restarted to resume normal operation.
References
https://www.isc.org/software/dhcp/advisories/cve-2010-3616
Thanks to Internet Systems Consortium for reporting this vulnerability. This document was written by Michael Orlando.
Original Source
Url : http://www.kb.cert.org/vuls/id/159528 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-12 | Name : Fedora Update for dhcp FEDORA-2011-10705 File : nvt/gb_fedora_2011_10705_dhcp_fc14.nasl |
2011-04-19 | Name : Fedora Update for dhcp FEDORA-2011-4897 File : nvt/gb_fedora_2011_4897_dhcp_fc14.nasl |
2011-02-04 | Name : Fedora Update for dhcp FEDORA-2011-0862 File : nvt/gb_fedora_2011_0862_dhcp_fc14.nasl |
2011-01-11 | Name : Mandriva Update for dhcp MDVSA-2011:001 (dhcp) File : nvt/gb_mandriva_MDVSA_2011_001.nasl |
2010-12-28 | Name : Fedora Update for dhcp FEDORA-2010-18856 File : nvt/gb_fedora_2010_18856_dhcp_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69795 | ISC DHCP Failover Peer Port TCP Connection Remote DoS ISC DHCP contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs within the failover peer feature when handling certain TCP traffic. This may be exploited via maliciously crafted packets to the failover peer port to cause a denial of service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-001.nasl - Type : ACT_GATHER_INFO |
2010-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18856.nasl - Type : ACT_GATHER_INFO |