CVE-2012-3571

Published: 25/07/2012 Updated: 01/04/2020
CVSS v2 Base Score: 6.1 | Impact Score: 6.9 | Exploitability Score: 6.5
VMScore: 615
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

ISC DHCP 4.1.2 up to and including 4.2.4 and 4.1-ESV prior to 4.1-ESV-R6 allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

Vulnerable Product

isc dhcp 4.1.2

isc dhcp 4.2.0

isc dhcp 4.2.1

isc dhcp 4.2.2

isc dhcp 4.2.3

isc dhcp 4.2.4

isc dhcp 4.1-esv

canonical ubuntu linux 11.04

canonical ubuntu linux 11.10

canonical ubuntu linux 12.04

debian debian linux 6.0

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #686174: isc-dhcp: CVE-2012-3570 CVE-2012-3571 CVE-2012-3954. Package: isc-dhcp; Maintainer for isc-dhcp is Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Wed, 29 Aug 2012 14:21:02 UTC; Severity: grave; Tags: patch, security; Fix ...
DHCP could be made to crash if it received specially crafted network traffic ...
Synopsis: Moderate: dhcp security update. Type/Severity: Security Advisory: Moderate. Topic: Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring ...
Synopsis: Moderate: dhcp security update. Type/Severity: Security Advisory: Moderate. Topic: Updated dhcp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scorin ...
Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update. CVE-2011-4539: BlueCat Networks disc ...
A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time (CVE-2012-3571). Two memory leak flaws were found in the dhcpd daemon. A ...

Exploits

source: www.securityfocus.com/bid/54665/info ISC DHCP is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause the affected application to crash, resulting in a denial-of-service condition. #!/usr/bin/python ''' SC DHCP 4.1.2 <> 4.2.4 and 4.1-ESV <> 4.1-ESV-R6 remote denial of ...