ID CVE-2009-1892
Summary dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:3.0.4_b1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:3.0.4_b2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:3.0.4_b3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:3.1.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 35669
debian DSA-1833
fedora
  • FEDORA-2009-8344
  • FEDORA-2009-9075
mandriva MDVSA-2009:154
secunia
  • 35830
  • 35851
  • 36457
  • 37342
xf dhcp-dhcp-dos(51717)
statements via4
contributor Mark J Cox
lastmodified 2009-07-20
organization Red Hat
statement Not vulnerable. Red Hat Enterprise Linux 3, 4, and 5 provide earlier versions of ISC DHCP which are not vulnerable to this issue.
Last major update 17-08-2017 - 01:30
Published 17-07-2009 - 16:30