NASLDB: Debian DSA-2519-2 : isc-dhcp - several vulnerabilities
General
ID: 61382
Name: Debian DSA-2519-2 : isc-dhcp – several vulnerabilities
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Several security vulnerabilities affecting ISC dhcpd, a server for
automatic IP address assignment, have been discovered. Additionally,
the latest security update for isc-dhcp, DSA-2516-1, did not properly
apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been
addressed in this additional update.
– CVE-2011-4539
BlueCat Networks discovered that it is possible to crash
DHCP servers configured to evaluate requests with
regular expressions via crafted DHCP request packets.
– CVE-2012-3571
Markus Hietava of the Codenomicon CROSS project
discovered that it is possible to force the server to
enter an infinite loop via messages with malformed
client identifiers.
– CVE-2012-3954
Glen Eustace discovered that DHCP servers running in
DHCPv6 mode and possibly DHCPv4 mode suffer from memory
leaks while processing messages. An attacker can use
this flaw to exhaust resources and perform denial of
service attacks.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2011-4539
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/08/04
Plugin Release: 2012/08/02
Plugin
Version: 1.5
Filename: debian_DSA-2519.nasl
Filesize: 4125 bytes
MD5 Hash: be616fdb3466edd6741ea57ca9e2ecc2
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2012 Tenable Network Security, Inc.