ID CVE-2010-2156
Summary ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
References
Vulnerable Configurations
  • ISC DHCP 4.1.0
    cpe:2.3:a:isc:dhcp:4.1.0
  • ISC DHCP 4.1.1
    cpe:2.3:a:isc:dhcp:4.1.1
  • ISC DHCP 4.1.1b1
    cpe:2.3:a:isc:dhcp:4.1.1:b1
  • ISC DHCP 4.1.1b2
    cpe:2.3:a:isc:dhcp:4.1.1:b2
  • ISC DHCP 4.1.1b3
    cpe:2.3:a:isc:dhcp:4.1.1:b3
  • ISC DHCP 4.1.1 release candidate 1
    cpe:2.3:a:isc:dhcp:4.1.1:rc1
  • ISC DHCP 4.0.0
    cpe:2.3:a:isc:dhcp:4.0.0
  • cpe:2.3:a:isc:dhcp:4.0.1:b1
    cpe:2.3:a:isc:dhcp:4.0.1:b1
  • cpe:2.3:a:isc:dhcp:4.0.1:rc1
    cpe:2.3:a:isc:dhcp:4.0.1:rc1
  • ISC DHCP 4.0.1
    cpe:2.3:a:isc:dhcp:4.0.1
  • cpe:2.3:a:isc:dhcp:4.0.2:b1
    cpe:2.3:a:isc:dhcp:4.0.2:b1
  • cpe:2.3:a:isc:dhcp:4.0.2:b2
    cpe:2.3:a:isc:dhcp:4.0.2:b2
  • cpe:2.3:a:isc:dhcp:4.0.2:b3
    cpe:2.3:a:isc:dhcp:4.0.2:b3
  • cpe:2.3:a:isc:dhcp:4.0.2:rc1
    cpe:2.3:a:isc:dhcp:4.0.2:rc1
  • ISC DHCP 4.0.2
    cpe:2.3:a:isc:dhcp:4.0.2
CVSS
Base: 5.0 (as of 08-06-2010 - 11:20)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description ISC-DHCPD Denial of Service. CVE-2010-2156. Dos exploits for multiple platform
file exploits/multiple/dos/14185.py
id EDB-ID:14185
last seen 2016-02-01
modified 2010-07-03
platform multiple
port
published 2010-07-03
reporter sid
source https://www.exploit-db.com/download/14185/
title ISC-DHCPD Denial of Service
type dos
metasploit via4
description This module performs a Denial of Service Attack against the ISC DHCP server, versions 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1. It sends out a DHCP Request message with a 0-length client_id option for an IP address on the appropriate range for the dhcp server. When ISC DHCP Server tries to hash this value it exits abnormally.
id MSF:AUXILIARY/DOS/DHCP/ISC_DHCPD_CLIENTID
last seen 2019-03-20
modified 2019-03-05
published 2011-04-11
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb
title ISC DHCP Zero Length ClientID Denial of Service Module
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-9433.NASL
    description This is a patch release of ISC DHCP 4.1.1, which contains a pair of bug fixes including one for a security related bug. http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47535
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47535
    title Fedora 13 : dhcp-4.1.1-22.P1.fc13 (2010-9433)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10083.NASL
    description Fix for CVE-2010-2156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47209
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47209
    title Fedora 11 : dhcp-4.1.0p1-6.fc11 (2010-10083)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-114.NASL
    description A vulnerability has been found and corrected in dhcp : ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID (CVE-2010-2156). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48187
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48187
    title Mandriva Linux Security Advisory : dhcp (MDVSA-2010:114)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-9479.NASL
    description This is a patch release of ISC DHCP 4.1.1, which contains a pair of bug fixes including one for a security related bug. http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47536
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47536
    title Fedora 12 : dhcp-4.1.1-17.P1.fc12 (2010-9479)
packetstorm via4
data source https://packetstormsecurity.com/files/download/91440/iscdhcpd-dos.txt
id PACKETSTORM:91440
last seen 2016-12-05
published 2010-07-03
reporter sid
source https://packetstormsecurity.com/files/91440/ISC-DHCPd-Denial-Of-Service.html
title ISC DHCPd Denial Of Service
refmap via4
bid 40775
confirm
exploit-db 14185
fedora FEDORA-2010-9433
mandriva MDVSA-2010:114
sectrack 1024093
secunia 40116
xf dhcp-zero-length-dos(59222)
Last major update 13-07-2010 - 01:52
Published 07-06-2010 - 13:13
Last modified 16-08-2017 - 21:32
Back to Top