Main Vulnerability Database SB2012082505

SB2012082505 - Slackware Linux update for dhcp

Published: August 25, 2012 Updated: May 6, 2017

Security Bulletin ID SB2012082505

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error (CVE-ID: CVE-2011-4539)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

2) NULL pointer dereference (CVE-ID: CVE-2011-4868)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via crafted packets related to a lease-status update.

3) Resource management error (CVE-ID: CVE-2012-3954)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

Remediation

Install update from vendor's website.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.483212