Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4868

Overview

Vulnerability Score 6.1 6.1
CVE Id CVE-2011-4868
Last Modified 21 Aug 2013 11:49:00
Published 14 Jan 2012 10:55:12
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4868

Summary

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.

Vulnerable Systems

Application

  • Isc Dhcp 3.0

  • Isc Dhcp 3.0.1

  • Isc Dhcp 3.0.2

  • Isc Dhcp 3.0.3

  • Isc Dhcp 3.0.4

  • Isc Dhcp 3.0.5

  • Isc Dhcp 3.0.6

  • Isc Dhcp 3.1.0

  • Isc Dhcp 4.0.0

  • Isc Dhcp 4.1.0

  • Isc Dhcp 4.2.0

  • Isc Dhcp 4.2.1

  • Isc Dhcp 4.2.2

  • Isc Dhcp 4.2.3


References

CONFIRM - https://www.isc.org/software/dhcp/advisories/cve-2011-4868

CONFIRM - https://deepthought.isc.org/article/AA-00595

GENTOO - GLSA-201301-06


Last Updated: 27 May 2016 10:58:02