Executive Summary
Summary | |
---|---|
Title | ISC DHCP server fails to handle zero-length client identifier |
Informations | |||
---|---|---|---|
Name | VU#541921 | First vendor Publication | 2010-07-14 |
Vendor | VU-CERT | Last vendor Modification | 2010-07-14 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#541921ISC DHCP server fails to handle zero-length client identifierOverviewA vulnerability in ISC DHCP could allow a remote attacker to cause the DHCP server to exit, resulting in a denial of service.I. DescriptionISC DHCP is a commonly redistributed reference implementation of the Dynamic Host Configuration Protocol (DHCP), including a server, client, and relay agent. The server component contains a fencepost error in the way that it handles client identifiers. As a result, a request from a client system containing a zero-length client id will cause the server to exit.ISC indicates that this vulnerability affects ISC-DHCP versions 4.0.x, 4.1.x, and 4.2.x but not 3.1.x. We are aware of publicly available exploit code for this vulnerability. Patches and updated versions of the software have been released to address this issue. Please see the Systems Affected section of this document for more information. Users who compile their DHCP software from the original source distribution should upgrade to one of the following versions: 4.1.1-P1 or 4.0.2-P1.
Referenceshttp://secunia.com/advisories/40116 Thanks to ISC for reporting this vulnerability. This document was written by Chad R Dougherty.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/541921 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-07-03 | ISC-DHCPD Denial of Service |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-21 | Name : Fedora Update for dhcp FEDORA-2011-0848 File : nvt/gb_fedora_2011_0848_dhcp_fc13.nasl |
2010-11-23 | Name : Fedora Update for dhcp FEDORA-2010-17303 File : nvt/gb_fedora_2010_17303_dhcp_fc13.nasl |
2010-06-25 | Name : Fedora Update for dhcp FEDORA-2010-10083 File : nvt/gb_fedora_2010_10083_dhcp_fc11.nasl |
2010-06-25 | Name : Fedora Update for dhcp FEDORA-2010-9479 File : nvt/gb_fedora_2010_9479_dhcp_fc12.nasl |
2010-06-18 | Name : Fedora Update for dhcp FEDORA-2010-9433 File : nvt/gb_fedora_2010_9433_dhcp_fc13.nasl |
2010-06-15 | Name : Mandriva Update for dhcp MDVSA-2010:114 (dhcp) File : nvt/gb_mandriva_MDVSA_2010_114.nasl |
2010-04-09 | Name : Mandriva Update for rpmdrake MDVA-2010:114 (rpmdrake) File : nvt/gb_mandriva_MDVA_2010_114.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65246 | ISC DHCP Zero-length Client ID Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | ISC DHCP server zero length client ID denial of service attempt RuleID : 18935 - Revision : 6 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-11-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17303.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-114.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10083.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9433.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9479.nasl - Type : ACT_GATHER_INFO |