SB2012080301 - Amazon Linux AMI update for dhcp

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2012080301

SB2012080301 - Amazon Linux AMI update for dhcp

Published: August 3, 2012

Security Bulletin ID SB2012080301
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2012-3571)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.


2) Resource management error (CVE-ID: CVE-2012-3954)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.


Remediation

Install update from vendor's website.

References