Input validation error in DHCP - CVE-2012-3955
Published: September 14, 2012 / Updated: August 4, 2020
Vulnerability identifier: #VU33931
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-3955
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
DHCP
DHCP
Software vendor:
ISC
ISC
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
Remediation
Install update from vendor's website.
External links
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html
- http://rhn.redhat.com/errata/RHSA-2013-0504.html
- http://secunia.com/advisories/51318
- http://security.gentoo.org/glsa/glsa-201301-06.xml
- http://www.debian.org/security/2012/dsa-2551
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:153
- http://www.securityfocus.com/bid/55530
- http://www.securitytracker.com/id?1027528
- http://www.ubuntu.com/usn/USN-1571-1
- https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of
- https://kb.isc.org/article/AA-00779