ID CVE-2012-3955
Summary ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
References
Vulnerable Configurations
  • ISC DHCP 4.1-ESV-R6
    cpe:2.3:a:isc:dhcp:4.1-esv:r6
  • ISC DHCP 4.1-ESV-R5
    cpe:2.3:a:isc:dhcp:4.1-esv:r5
  • ISC DHCP 4.1-ESV R2
    cpe:2.3:a:isc:dhcp:4.1-esv:r2
  • ISC DHCP 4.1-ESV R1
    cpe:2.3:a:isc:dhcp:4.1-esv:r1
  • ISC DHCP 4.1-ESV-R5b1
    cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1
  • ISC DHCP 4.1-ESV-R4
    cpe:2.3:a:isc:dhcp:4.1-esv:r4
  • ISC DHCP 4.1-ESV R3
    cpe:2.3:a:isc:dhcp:4.1-esv:r3
  • ISC DHCP 4.1-ESV R3 b1
    cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1
  • ISC DHCP 4.1-ESV
    cpe:2.3:a:isc:dhcp:4.1-esv
  • ISC DHCP 4.1.2
    cpe:2.3:a:isc:dhcp:4.1.2
  • ISC DHCP 4.1.1b1
    cpe:2.3:a:isc:dhcp:4.1.1:b1
  • ISC DHCP 4.1.1b2
    cpe:2.3:a:isc:dhcp:4.1.1:b2
  • ISC DHCP 4.1.1
    cpe:2.3:a:isc:dhcp:4.1.1
  • ISC DHCP 4.1-ESV-R5rc1
    cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1
  • ISC DHCP 4.1-ESV-R5rc2
    cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2
  • ISC DHCP 4.1.0a1
    cpe:2.3:a:isc:dhcp:4.1.0:a1
  • ISC DHCP 4.1.0a2
    cpe:2.3:a:isc:dhcp:4.1.0:a2
  • ISC DHCP 4.1.2 Release Candidate 1
    cpe:2.3:a:isc:dhcp:4.1.2:rc1
  • ISC DHCP 4.1.2-p1
    cpe:2.3:a:isc:dhcp:4.1.2:p1
  • ISC DHCP 4.1.2-b1
    cpe:2.3:a:isc:dhcp:4.1.2:b1
  • ISC DHCP 4.1-ESV Release Candidate 1
    cpe:2.3:a:isc:dhcp:4.1-esv:rc1
  • ISC DHCP 4.1.0
    cpe:2.3:a:isc:dhcp:4.1.0
  • ISC DHCP 4.1.0b1
    cpe:2.3:a:isc:dhcp:4.1.0:b1
  • ISC DHCP 4.1.1 release candidate 1
    cpe:2.3:a:isc:dhcp:4.1.1:rc1
  • ISC DHCP 4.1.1b3
    cpe:2.3:a:isc:dhcp:4.1.1:b3
CVSS
Base: 7.1 (as of 14-09-2012 - 09:29)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-153.NASL
    description A security issue was identified and fixed in dhcp : ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced (CVE-2012-3955). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62402
    published 2012-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62402
    title Mandriva Linux Security Advisory : dhcp (MDVSA-2012:153-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-13910.NASL
    description This is security bugfix release fixing a security vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-01-17
    plugin id 62167
    published 2012-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62167
    title Fedora 18 : dhcp-4.2.4-15.P2.fc18 (2012-13910)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_DHCP-120917.NASL
    description This update to ISC dhcp-4.2.4-P2 release provides a security fix for an issue with the use of lease times. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. CVE-2012-3955 has been assigned to this issue.
    last seen 2019-02-21
    modified 2016-01-17
    plugin id 64124
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64124
    title SuSE 11.2 Security Update : dhcp (SAT Patch Number 6831)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2012-258-01.NASL
    description New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2016-05-12
    plugin id 62102
    published 2012-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62102
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : dhcp (SSA:2012-258-01)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-157.NASL
    description A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69716
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69716
    title Amazon Linux AMI : dhcp (ALAS-2013-157)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_ISC-DHCP_20130129.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. (CVE-2012-3955)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80648
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80648
    title Oracle Solaris Third-Party Patch Update : isc-dhcp (cve_2012_3955_denial_of)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130221_DHCP_ON_SL6_X.NASL
    description A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955) This update also fixes the following bugs : - Prior to this update, the DHCP server discovered only the first IP address of a network interface if the network interface had more than one configured IP address. As a consequence, the DHCP server failed to restart if the server was configured to serve only a subnet of the following IP addresses. This update modifies network interface addresses discovery code to find all addresses of a network interface. The DHCP server can also serve subnets of other addresses. - Prior to this update, the dhclient rewrote the /etc/resolv.conf file with backup data after it was stopped even when the PEERDNS flag was set to 'no' before shut down if the configuration file was changed while the dhclient ran with PEERDNS=yes. This update removes the backing up and restoring functions for this configuration file from the dhclient-script. Now, the dhclient no longer rewrites the /etc/resolv.conf file when stopped. After installing this update, all DHCP servers will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 64949
    published 2013-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64949
    title Scientific Linux Security Update : dhcp on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-642.NASL
    description - Update to ISC dhcp-4.2.4-P2 release, providing a security fix for an issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74764
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74764
    title openSUSE Security Update : dhcp (openSUSE-SU-2012:1254-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-14076.NASL
    description This is security bugfix release fixing a security vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 62397
    published 2012-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62397
    title Fedora 16 : dhcp-4.2.4-1.P2.fc16 (2012-14076)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-06 (ISC DHCP: Denial of Service) Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities might allow remote attackers to execute arbitrary code or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 63440
    published 2013-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63440
    title GLSA-201301-06 : ISC DHCP: Denial of Service
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2551.NASL
    description Glen Eustace discovered that the ISC DHCP server, a server for automatic IP address assignment, is not properly handling changes in the expiration times of a lease. An attacker may use this flaw to crash the service and cause denial of service conditions, by reducing the expiration time of an active IPv6 lease.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62225
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62225
    title Debian DSA-2551-1 : isc-dhcp - denial of service
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-14149.NASL
    description This is security bugfix release fixing a security vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 62333
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62333
    title Fedora 17 : dhcp-4.2.4-13.P2.fc17 (2012-14149)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0504.NASL
    description From Red Hat Security Advisory 2013:0504 : Updated dhcp packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The dhcp packages provide the Dynamic Host Configuration Protocol (DHCP) that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955) This update also fixes the following bugs : * Prior to this update, the DHCP server discovered only the first IP address of a network interface if the network interface had more than one configured IP address. As a consequence, the DHCP server failed to restart if the server was configured to serve only a subnet of the following IP addresses. This update modifies network interface addresses discovery code to find all addresses of a network interface. The DHCP server can also serve subnets of other addresses. (BZ#803540) * Prior to this update, the dhclient rewrote the /etc/resolv.conf file with backup data after it was stopped even when the PEERDNS flag was set to 'no' before shut down if the configuration file was changed while the dhclient ran with PEERDNS=yes. This update removes the backing up and restoring functions for this configuration file from the dhclient-script. Now, the dhclient no longer rewrites the /etc/resolv.conf file when stopped. (BZ#824622) All users of DHCP are advised to upgrade to these updated packages, which fix these issues. After installing this update, all DHCP servers will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68744
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68744
    title Oracle Linux 6 : dhcp (ELSA-2013-0504)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0504.NASL
    description Updated dhcp packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The dhcp packages provide the Dynamic Host Configuration Protocol (DHCP) that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955) This update also fixes the following bugs : * Prior to this update, the DHCP server discovered only the first IP address of a network interface if the network interface had more than one configured IP address. As a consequence, the DHCP server failed to restart if the server was configured to serve only a subnet of the following IP addresses. This update modifies network interface addresses discovery code to find all addresses of a network interface. The DHCP server can also serve subnets of other addresses. (BZ#803540) * Prior to this update, the dhclient rewrote the /etc/resolv.conf file with backup data after it was stopped even when the PEERDNS flag was set to 'no' before shut down if the configuration file was changed while the dhclient ran with PEERDNS=yes. This update removes the backing up and restoring functions for this configuration file from the dhclient-script. Now, the dhclient no longer rewrites the /etc/resolv.conf file when stopped. (BZ#824622) All users of DHCP are advised to upgrade to these updated packages, which fix these issues. After installing this update, all DHCP servers will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65139
    published 2013-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65139
    title CentOS 6 : dhcp (CESA-2013:0504)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-629.NASL
    description - Update to ISC dhcp-4.2.4-P2 release, providing a security fix for an issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74763
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74763
    title openSUSE Security Update : dhcp (openSUSE-SU-2012:1234-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-643.NASL
    description - Update to ISC dhcp-4.2.4-P2 release, providing a security fix for an issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74765
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74765
    title openSUSE Security Update : dhcp (openSUSE-SU-2012:1252-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1571-1.NASL
    description Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. This issue only affected Ubuntu 11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3955) Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped by using environment variables. This update mitigates the issue by sanitizing certain variables in the DHCP shell scripts. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62180
    published 2012-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62180
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : dhcp3, isc-dhcp vulnerability (USN-1571-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0504.NASL
    description Updated dhcp packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The dhcp packages provide the Dynamic Host Configuration Protocol (DHCP) that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955) This update also fixes the following bugs : * Prior to this update, the DHCP server discovered only the first IP address of a network interface if the network interface had more than one configured IP address. As a consequence, the DHCP server failed to restart if the server was configured to serve only a subnet of the following IP addresses. This update modifies network interface addresses discovery code to find all addresses of a network interface. The DHCP server can also serve subnets of other addresses. (BZ#803540) * Prior to this update, the dhclient rewrote the /etc/resolv.conf file with backup data after it was stopped even when the PEERDNS flag was set to 'no' before shut down if the configuration file was changed while the dhclient ran with PEERDNS=yes. This update removes the backing up and restoring functions for this configuration file from the dhclient-script. Now, the dhclient no longer rewrites the /etc/resolv.conf file when stopped. (BZ#824622) All users of DHCP are advised to upgrade to these updated packages, which fix these issues. After installing this update, all DHCP servers will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64755
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64755
    title RHEL 6 : dhcp (RHSA-2013:0504)
redhat via4
advisories
bugzilla
id 856766
title CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment dhclient is earlier than 12:4.1.1-34.P1.el6
        oval oval:com.redhat.rhsa:tst:20130504011
      • comment dhclient is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100923008
    • AND
      • comment dhcp is earlier than 12:4.1.1-34.P1.el6
        oval oval:com.redhat.rhsa:tst:20130504005
      • comment dhcp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100923006
    • AND
      • comment dhcp-common is earlier than 12:4.1.1-34.P1.el6
        oval oval:com.redhat.rhsa:tst:20130504009
      • comment dhcp-common is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111819010
    • AND
      • comment dhcp-devel is earlier than 12:4.1.1-34.P1.el6
        oval oval:com.redhat.rhsa:tst:20130504007
      • comment dhcp-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100923010
rhsa
id RHSA-2013:0504
released 2013-02-21
severity Low
title RHSA-2013:0504: dhcp security and bug fix update (Low)
rpms
  • dhclient-12:4.1.1-34.P1.el6
  • dhcp-12:4.1.1-34.P1.el6
  • dhcp-common-12:4.1.1-34.P1.el6
  • dhcp-devel-12:4.1.1-34.P1.el6
refmap via4
bid 55530
confirm
debian DSA-2551
fedora
  • FEDORA-2012-13910
  • FEDORA-2012-14076
  • FEDORA-2012-14149
gentoo GLSA-201301-06
mandriva MDVSA-2012:153
sectrack 1027528
secunia 51318
suse
  • openSUSE-SU-2012:1234
  • openSUSE-SU-2012:1252
  • openSUSE-SU-2012:1254
ubuntu USN-1571-1
Last major update 21-08-2013 - 23:57
Published 14-09-2012 - 06:33
Back to Top