Executive Summary

Summary
Title ISC DHCP server DHCPv6 decline message processing vulnerability
Informations
Name VU#686084 First vendor Publication 2011-01-27
Vendor VU-CERT Last vendor Modification 2011-01-28
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#686084

ISC DHCP server DHCPv6 decline message processing vulnerability

Overview

ISC DHCPv6 versions 4.0.x - 4.2.x are susceptible to a denial-of-service vulnerability.

I. Description

The ISC Advisory states:

"When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure resulting in the server crashing. This could be used to crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers. DHCPv4 servers are unaffected."

II. Impact

A remote attacker may cause a denial of service.

III. Solution

Upgrade

Upgrade to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1

Vendor Information

VendorStatusDate NotifiedDate Updated
Internet Systems ConsortiumAffected2011-01-242011-01-26

References

https://lists.isc.org/pipermail/isc-os-security/2011-January/000000.html
http://www.isc.org/software/dhcp/advisories/cve-2011-0413

Credit

Thanks to Larissa Shapiro for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2011-01-26
Date First Published:2011-01-27
Date Last Updated:2011-01-28
CERT Advisory: 
CVE-ID(s):CVE-2011-0413
NVD-ID(s):CVE-2011-0413
US-CERT Technical Alerts: 
Severity Metric:0.95
Document Revision:10

Original Source

Url : http://www.kb.cert.org/vuls/id/686084

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12965
 
Oval ID: oval:org.mitre.oval:def:12965
Title: DSA-2184-1 isc-dhcp -- denial of service
Description: It was discovered that the ISC DHCPv6 server does not correctly process requests which come from unexpected source addresses, leading to an assertion failure and a daemon crash. The oldstable distribution is not affected by this problem.
Family: unix Class: patch
Reference(s): DSA-2184-1
CVE-2011-0413
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): isc-dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21503
 
Oval ID: oval:org.mitre.oval:def:21503
Title: RHSA-2011:0256: dhcp security update (Moderate)
Description: The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
Family: unix Class: patch
Reference(s): RHSA-2011:0256-01
CVE-2011-0413
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23094
 
Oval ID: oval:org.mitre.oval:def:23094
Title: ELSA-2011:0256: dhcp security update (Moderate)
Description: The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
Family: unix Class: patch
Reference(s): ELSA-2011:0256-01
CVE-2011-0413
Version: 6
Platform(s): Oracle Linux 6
Product(s): dhcp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28156
 
Oval ID: oval:org.mitre.oval:def:28156
Title: DEPRECATED: ELSA-2011-0256 -- dhcp security update (moderate)
Description: [12:4.1.1-12.P1.2] - CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672994)
Family: unix Class: patch
Reference(s): ELSA-2011-0256
CVE-2011-0413
Version: 4
Platform(s): Oracle Linux 6
Product(s): dhcp
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 29

OpenVAS Exploits

Date Description
2012-06-05 Name : RedHat Update for dhcp RHSA-2011:0256-01
File : nvt/gb_RHSA-2011_0256-01_dhcp.nasl
2011-09-12 Name : Fedora Update for dhcp FEDORA-2011-10705
File : nvt/gb_fedora_2011_10705_dhcp_fc14.nasl
2011-04-21 Name : Fedora Update for dhcp FEDORA-2011-0848
File : nvt/gb_fedora_2011_0848_dhcp_fc13.nasl
2011-04-19 Name : Fedora Update for dhcp FEDORA-2011-4897
File : nvt/gb_fedora_2011_4897_dhcp_fc14.nasl
2011-03-09 Name : Debian Security Advisory DSA 2184-1 (isc-dhcp)
File : nvt/deb_2184_1.nasl
2011-03-05 Name : FreeBSD Ports: isc-dhcp41-server
File : nvt/freebsd_isc-dhcp41-server0.nasl
2011-02-11 Name : Mandriva Update for dhcp MDVSA-2011:022 (dhcp)
File : nvt/gb_mandriva_MDVSA_2011_022.nasl
2011-02-04 Name : Fedora Update for dhcp FEDORA-2011-0862
File : nvt/gb_fedora_2011_0862_dhcp_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70680 ISC DHCP DHCPv6 Message Declined Address Remote DoS

ISC DHCP contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs while processing a previously declined address's DHCPv6 messages, which may be exploited to cause an assertion failure denial of service.

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_dhcp-110203.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0256.nasl - Type : ACT_GATHER_INFO
2011-04-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0848.nasl - Type : ACT_GATHER_INFO
2011-03-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2184.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0256.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-022.nasl - Type : ACT_GATHER_INFO
2011-02-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0862.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_dc9f83352b3b11e0a91b00e0815b8da8.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:08:06
  • Multiple Updates