Exploit the possiblities
Showing 1 - 10 of 10 RSS Feed

CVE-2012-3571

Status Candidate

Overview

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

Related Files

Gentoo Linux Security Advisory 201301-06
Posted Jan 9, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201301-6 - Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service. Versions less than 4.2.4_p2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2011-0997, CVE-2011-2748, CVE-2011-2749, CVE-2011-4539, CVE-2011-4868, CVE-2012-3570, CVE-2012-3571, CVE-2012-3954, CVE-2012-3955
MD5 | ac6c1cdcdb260a60ea33f01cd8f575d6
Debian Security Advisory 2519-2
Posted Aug 4, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2519-2 - It was discovered that the recent update for isc-dhcp, did not contain the patched code included in the source package. Due to quirk in the build system those patches were deapplied during the build process.

tags | advisory
systems | linux, debian
advisories | CVE-2011-4539, CVE-2012-3571, CVE-2012-3954
MD5 | c5916597a21533fdfb1e3245d73547d0
Red Hat Security Advisory 2012-1141-01
Posted Aug 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1141-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests.

tags | advisory, remote, denial of service, protocol, memory leak
systems | linux, redhat
advisories | CVE-2012-3571, CVE-2012-3954
MD5 | c9da33843699668bd16e0b1663972152
Red Hat Security Advisory 2012-1140-01
Posted Aug 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1140-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of this issue.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2012-3571
MD5 | 23743cbabe11b79d8a26732e8b0f6317
Debian Security Advisory 2519-1
Posted Aug 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2519-1 - Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-4539, CVE-2012-3571, CVE-2012-3954
MD5 | 9809d9fb5ab7de7ca4c84c1abd546a24
SC DHCP 4.1.2 Denial Of Service
Posted Jul 29, 2012
Authored by K1P0D

Proof of concept denial of service exploit for the zero length client id infinite loop vulnerability in DHCP version 4.1.2.

tags | exploit, denial of service, proof of concept
advisories | CVE-2012-3571
MD5 | acd26c3b35f867f8759ed93617b5abaf
Mandriva Linux Security Advisory 2012-116
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-116 - An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been patched to correct these issues.

tags | advisory, memory leak
systems | linux, mandriva
advisories | CVE-2012-3571, CVE-2012-3954
MD5 | 8b3cbe9c81ae315761885e0079613fc8
Mandriva Linux Security Advisory 2012-115
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-115 - An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been upgraded to the latest version which is not affected by these issues.

tags | advisory, denial of service, memory leak
systems | linux, mandriva
advisories | CVE-2012-3570, CVE-2012-3571, CVE-2012-3954
MD5 | b8bec5432648e11ee761ae836102755b
Ubuntu Security Notice USN-1519-1
Posted Jul 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1519-1 - Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3571, CVE-2012-3954, CVE-2012-3571, CVE-2012-3954
MD5 | 63b6d994154e23aa406b1747f3227794
Debian Security Advisory 2516-1
Posted Jul 27, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3571, CVE-2012-3954
MD5 | b5069f4092d4a796bec29a2f0d40d4cb
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close