5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.967 High
EPSS
Percentile
99.6%
A vulnerability in ISC DHCP could allow a remote attacker to cause the DHCP server to exit, resulting in a denial of service.
ISC DHCP is a commonly redistributed reference implementation of the Dynamic Host Configuration Protocol (DHCP), including a server, client, and relay agent. The server component contains a fencepost error in the way that it handles client identifiers. As a result, a request from a client system containing a zero-length client id will cause the server to exit.
ISC indicates that this vulnerability affects ISC-DHCP versions 4.0.x, 4.1.x, and 4.2.x but not 3.1.x. We are aware of publicly available exploit code for this vulnerability.
A remote unauthenticated attacker may cause the DHCP server to exit, thereby causing a denial of service.
Upgrade or apply a patch from the vendor
Patches and updated versions of the software have been released to address this issue. Please see the Systems Affected section of this document for more information.
Users who compile their DHCP software from the original source distribution should upgrade to one of the following versions: 4.1.1-P1 or 4.0.2-P1.
541921
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: July 14, 2010
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: July 14, 2010
Statement Date: May 28, 2010
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: July 14, 2010
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to ISC for reporting this vulnerability.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2010-2156 |
---|---|
Severity Metric: | 5.63 Date Public: |