ID CVE-2010-3611
Summary ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 649877
title CVE-2010-3611 dhcp: NULL pointer dereference crash via crafted DHCPv6 packet
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment dhclient is earlier than 12:4.1.1-12.P1.el6_0.1
        oval oval:com.redhat.rhsa:tst:20100923007
      • comment dhclient is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100923008
    • AND
      • comment dhcp is earlier than 12:4.1.1-12.P1.el6_0.1
        oval oval:com.redhat.rhsa:tst:20100923005
      • comment dhcp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100923006
    • AND
      • comment dhcp-devel is earlier than 12:4.1.1-12.P1.el6_0.1
        oval oval:com.redhat.rhsa:tst:20100923009
      • comment dhcp-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100923010
rhsa
id RHSA-2010:0923
released 2010-11-30
severity Moderate
title RHSA-2010:0923: dhcp security update (Moderate)
rpms
  • dhclient-12:4.1.1-12.P1.el6_0.1
  • dhcp-12:4.1.1-12.P1.el6_0.1
  • dhcp-devel-12:4.1.1-12.P1.el6_0.1
refmap via4
bid 44615
cert-vn VU#102047
confirm
fedora
  • FEDORA-2010-17303
  • FEDORA-2010-17312
mandriva MDVSA-2010:226
osvdb 68999
secunia
  • 42082
  • 42345
  • 42407
suse SUSE-SR:2010:021
vupen
  • ADV-2010-2879
  • ADV-2010-3044
  • ADV-2010-3092
xf iscdhcp-relayforward-dos(62965)
Last major update 17-08-2017 - 01:33
Published 04-11-2010 - 18:00