Input validation error in ISC Dhcp

1) Input validation error

EUVDB-ID: #VU33931

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-3955

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DHCP: 4.1.0 - 4.1.2

CPE2.3

• cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*

External links

https://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html
https://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html
https://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html
https://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html
https://rhn.redhat.com/errata/RHSA-2013-0504.html
https://secunia.com/advisories/51318
https://security.gentoo.org/glsa/glsa-201301-06.xml
https://www.debian.org/security/2012/dsa-2551
https://www.mandriva.com/security/advisories?name=MDVSA-2012:153
https://www.securityfocus.com/bid/55530
https://www.securitytracker.com/id?1027528
https://www.ubuntu.com/usn/USN-1571-1
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of
https://kb.isc.org/article/AA-00779

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.