The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of ISC DHCP

vulnerability announcement CVE-2018-5733

ISC DHCP: integer overflow via dhcpd

Synthesis of the vulnerability

An attacker can generate an integer overflow via dhcpd of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5733, DLA-1313-1, DSA-2019-131, DSA-4133-1, FEDORA-2018-5051dbd15e, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25402.


vulnerability alert CVE-2018-5732

ISC DHCP: buffer overflow via dhclient

Synthesis of the vulnerability

An attacker can generate a buffer overflow via dhclient of ISC DHCP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5732, DLA-1313-1, DSA-2019-131, DSA-4133-1, FEDORA-2018-5051dbd15e, K08306700, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, Synology-SA-18:14, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25401.


computer vulnerability note CVE-2017-3144

ISC DHCP: denial of service via OMAPI Connections

Synthesis of the vulnerability

An attacker can generate a fatal error via OMAPI Connections of ISC DHCP, in order to trigger a denial of service.
Impacted products: Debian, ISC DHCP, openSUSE Leap, RHEL, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: CVE-2017-3144, DSA-4133-1, openSUSE-SU-2018:0537-1, RHSA-2018:0158-01, Synology-SA-18:51, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25089.


vulnerability bulletin CVE-2016-2774

ISC DHCP: denial of service via OMAPI/failover

Synthesis of the vulnerability

A remote attacker can open numerous TCP connections to the OMAPI/failover port of ISC DHCP, in order to trigger a denial of service.
Impacted products: VNX Operating Environment, VNX Series, Fedora, ISC DHCP, openSUSE Leap, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 08/03/2016.
Identifiers: bulletinjul2016, CVE-2016-2774, DSA-2019-131, FEDORA-2016-3e64b32a91, FEDORA-2016-c93d49faf3, openSUSE-SU-2016:1843-1, RHSA-2016:2590-02, USN-3586-1, USN-3586-2, VIGILANCE-VUL-19113.

Description of the vulnerability

The ISC DHCP product uses the port tcp/7911 for OMAPI (Object Management Application Programming Interface) and the port tcp/519 for Failover.

However, the number of TCP connections that can be opened to the OMAPI/failover port is not limited. This leads to an assertion failure via INSIST(), or to a blocked state related to ulimit().

A remote attacker can therefore open numerous TCP connections to the OMAPI/failover port of ISC DHCP, in order to trigger a denial of service.

computer vulnerability announcement CVE-2015-8605

ISC DHCP: buffer overflow of decode_udp_ip_header

Synthesis of the vulnerability

An attacker can generate a buffer overflow by sending an IPv4+UDP packet to an ISC DHCP client or server, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, ArubaOS, Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, ISC DHCP, NETASQ, openSUSE, openSUSE Leap, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: LAN.
Creation date: 13/01/2016.
Identifiers: AA-01334, ARUBA-PSA-2016-007, CERTFR-2016-AVI-167, CVE-2015-8605, DSA-2019-131, DSA-3442-1, FEDORA-2016-0c5bb21bf1, FEDORA-2016-adb533a418, openSUSE-SU-2016:0601-1, openSUSE-SU-2016:0610-1, SOL57500018, SSA:2016-012-01, STORM-2015-018, USN-2868-1, VIGILANCE-VUL-18707.

Description of the vulnerability

The DHCP protocol uses UDP packets.

The decode_udp_ip_header() function of the common/packet.c file of ISC DHCP decodes these UDP packets. However, if the size indicated in the IPv4 header for UDP data is too large, an overflow occurs.

An attacker can therefore generate a buffer overflow by sending an IPv4+UDP packet to an ISC DHCP client or server, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2013-2494

ISC DHCP: denial of service of regex

Synthesis of the vulnerability

An attacker can use a special DNS record, in order to force ISC DHCP to consume a large amount of memory.
Impacted products: ISC DHCP, openSUSE.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 26/03/2013.
Identifiers: AA-00880, BID-58772, CVE-2013-2494, MDVSA-2013:059, openSUSE-SU-2013:0619-1, openSUSE-SU-2013:0620-1, openSUSE-SU-2013:0625-1, VIGILANCE-VUL-12573.

Description of the vulnerability

The ISC DHCP product uses BIND libdns, in order to process the Dynamic DNS protocol.

It is thus impacted by the vulnerability VIGILANCE-VUL-12572.

An attacker can therefore use a special DNS record, in order to force ISC DHCP to consume a large amount of memory.

vulnerability alert CVE-2012-3955

ISC DHCP: denial of service via IPv6 Lease Expiration

Synthesis of the vulnerability

An attacker can send ISC DHCP an IPv6 lease renewal query with a malicious expiration date, in order to stop it.
Impacted products: Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: LAN.
Creation date: 13/09/2012.
Identifiers: AA-00779, BID-55530, CERTA-2012-AVI-501, CERTA-2012-AVI-679, CVE-2012-3955, DSA-2551-1, FEDORA-2012-14076, FEDORA-2012-14149, MDVSA-2012:153, MDVSA-2012:153-1, openSUSE-SU-2012:1234-1, openSUSE-SU-2012:1252-1, openSUSE-SU-2012:1254-1, RHSA-2013:0504-02, SSA:2012-258-01, SUSE-SU-2012:1327-1, VIGILANCE-VUL-11941.

Description of the vulnerability

The ISC DHCP service provides an IP address to clients, which is valid for the duration of the lease.

The client can request a lease renewal, in order to extend it. However, an IPv6 client can request a lease renewal with a short duration, so that the new ending date is earlier than the previously obtained ending date. In this case, a computation error occurs in ISC DHCP, and it stops.

An attacker can therefore send ISC DHCP an IPv6 lease renewal query with a malicious expiration date, in order to stop it.

computer vulnerability CVE-2012-3570 CVE-2012-3571 CVE-2012-3954

ISC DHCP: three vulnerabilities

Synthesis of the vulnerability

An attacker can send malicious packets to an ISC DHCP server, in order to stop it, and possibly to execute code.
Impacted products: Debian, Fedora, ISC DHCP, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/07/2012.
Identifiers: BID-54665, CERTA-2012-AVI-406, CVE-2012-3570, CVE-2012-3571, CVE-2012-3954, DSA-2516-1, DSA-2519-1, DSA-2519-2, FEDORA-2012-11079, FEDORA-2012-11110, MDVSA-2012:115, MDVSA-2012:116, openSUSE-SU-2012:1006-1, RHSA-2012:1140-01, RHSA-2012:1141-01, SSA:2012-237-01, SUSE-SU-2012:1002-1, SUSE-SU-2012:1003-1, SUSE-SU-2012:1005-1, VIGILANCE-VUL-11795.

Description of the vulnerability

Several vulnerabilities were announced in ISC DHCP.

An attacker can send a DHCPv6 query with a long Client Identifier, in order to generate a buffer overflow. [severity:3/4; CVE-2012-3570]

An attacker can send a DHCP query with a zero-length Client Identifier, in order to generate an infinite loop. [severity:2/4; CVE-2012-3571]

An attacker can send a malformed query, in order to generate two memory leaks, which progressively lead to a denial of service. [severity:1/4; CVE-2012-3954]

An attacker can therefore send malicious packets to an ISC DHCP server, in order to stop it, and possibly to execute code.

computer vulnerability note CVE-2011-4539 CVE-2011-4868

ISC DHCP: denials of service

Synthesis of the vulnerability

An attacker can generate two denials of service in ISC DHCP, in order to stop it.
Impacted products: Debian, ISC DHCP, Slackware.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/06/2012.
Identifiers: CVE-2011-4539, CVE-2011-4868, DSA-2516-1, DSA-2519-1, DSA-2519-2, SSA:2012-237-01, VIGILANCE-VUL-11679.

Description of the vulnerability

Two vulnerabilities were announced in ISC DHCP.

A NULL pointer can be dereferenced during the usage of a regular expression. [severity:2/4; CVE-2011-4539]

An attacker can use a DDNS (Dynamic DNS) packet, in order to dereference a NULL pointer. [severity:2/4; CVE-2011-4868]

An attacker can therefore generate two denials of service in ISC DHCP, in order to stop it.

vulnerability CVE-2011-4868

ISC DHCP: denial of service via DHCPv6 and DDNS

Synthesis of the vulnerability

An attacker can send DNS IPv6 updates, in order to stop ISC DHCP.
Impacted products: Fedora, ISC DHCP, Slackware.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 13/01/2012.
Identifiers: BID-51408, CERTA-2012-AVI-019, CVE-2011-4868, FEDORA-2012-0490, SSA:2012-237-01, VIGILANCE-VUL-11280.

Description of the vulnerability

The ISC DHCP server supports IPv6, and can process updates via Dynamic DNS.

When a DDNS TEXT or PTR message is received, the ddns_update_lease_text() and ddns_update_lease_ptr() functions update data. However, if the DHCPv6 lease is not active, a NULL pointer (lease6->addr) is dereferenced, or an update can be done on a freed structure.

An attacker can therefore send DNS IPv6 updates, in order to stop ISC DHCP.