#VU45400 Input validation error in DHCP


Published: 2011-01-31 | Updated: 2020-08-11

Vulnerability identifier: #VU45400

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-0413

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DHCP
Server applications / Other server solutions

Vendor: ISC

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.

Mitigation
Install update from vendor's website.

Vulnerable software versions

DHCP: 4.0 - 4.0.3, 4.1-esv - 4.1.2, 4.2.0

External links
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html
http://secunia.com/advisories/43006
http://secunia.com/advisories/43104
http://secunia.com/advisories/43167
http://secunia.com/advisories/43354
http://secunia.com/advisories/43613
http://securitytracker.com/id?1024999
http://www.debian.org/security/2011/dsa-2184
http://www.isc.org/software/dhcp/advisories/cve-2011-0413
http://www.kb.cert.org/vuls/id/686084
http://www.mandriva.com/security/advisories?name=MDVSA-2011:022
http://www.osvdb.org/70680
http://www.redhat.com/support/errata/RHSA-2011-0256.html
http://www.securityfocus.com/bid/46035
http://www.vupen.com/english/advisories/2011/0235
http://www.vupen.com/english/advisories/2011/0266
http://www.vupen.com/english/advisories/2011/0300
http://www.vupen.com/english/advisories/2011/0400
http://www.vupen.com/english/advisories/2011/0583
http://exchange.xforce.ibmcloud.com/vulnerabilities/64959
http://kb.isc.org/article/AA-00456

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Input validation error in ISC Dhcp