Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2011-128.NASL
HistoryAug 20, 2011 - 12:00 a.m.

Mandriva Linux Security Advisory : dhcp (MDVSA-2011:128)

2011-08-2000:00:00
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
www.tenable.com
7

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.963 High

EPSS

Percentile

99.6%

JSON

Multiple vulnerabilities has been discovered and corrected in dhcp :

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet (CVE-2011-2748).

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet (CVE-2011-2749).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2011:128. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(55916);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2011-2748", "CVE-2011-2749");
  script_bugtraq_id(49120);
  script_xref(name:"MDVSA", value:"2011:128");

  script_name(english:"Mandriva Linux Security Advisory : dhcp (MDVSA-2011:128)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been discovered and corrected in dhcp :

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before
3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to
cause a denial of service (daemon exit) via a crafted DHCP packet
(CVE-2011-2748).

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before
3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to
cause a denial of service (daemon exit) via a crafted BOOTP packet
(CVE-2011-2749).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-relay");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"dhcp-client-4.1.2-0.5mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"dhcp-common-4.1.2-0.5mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"dhcp-devel-4.1.2-0.5mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"dhcp-doc-4.1.2-0.5mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"dhcp-relay-4.1.2-0.5mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"dhcp-server-4.1.2-0.5mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.1", reference:"dhcp-client-4.1.2-0.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"dhcp-common-4.1.2-0.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"dhcp-devel-4.1.2-0.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"dhcp-doc-4.1.2-0.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"dhcp-relay-4.1.2-0.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"dhcp-server-4.1.2-0.5mdv2010.2", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxdhcp-clientp-cpe:/a:mandriva:linux:dhcp-client
mandrivalinuxdhcp-commonp-cpe:/a:mandriva:linux:dhcp-common
mandrivalinuxdhcp-develp-cpe:/a:mandriva:linux:dhcp-devel
mandrivalinuxdhcp-docp-cpe:/a:mandriva:linux:dhcp-doc
mandrivalinuxdhcp-relayp-cpe:/a:mandriva:linux:dhcp-relay
mandrivalinuxdhcp-serverp-cpe:/a:mandriva:linux:dhcp-server
mandrivalinux2009.0cpe:/o:mandriva:linux:2009.0
mandrivalinux2010.1cpe:/o:mandriva:linux:2010.1

Related

openvas 28
redhat 1
nessus 17
debian 1
fedora 4
securityvulns 4
ubuntu 1
centos 1
oraclelinux 1
freebsd 1
veracode 2
ubuntucve 2
debiancve 2
nvd 2
cvelist 2
cve 2
checkpoint_advisories 1
prion 2
gentoo 1
openvas
openvas
Fedora Update for dhcp FEDORA-2011-10740
2011-08-31 00:00:00
Debian Security Advisory DSA 2292-1 (isc-dhcp)
2012-03-12 00:00:00
RedHat Update for dhcp RHSA-2011:1160-01
2011-08-18 00:00:00
redhat
redhat
(RHSA-2011:1160) Moderate: dhcp security update
2011-08-15 00:00:00
nessus
nessus
openSUSE Security Update : dhcp (openSUSE-SU-2011:1021-1)
2014-06-13 00:00:00
Oracle Linux 4 / 5 / 6 : dhcp (ELSA-2011-1160)
2013-07-12 00:00:00
CentOS 4 / 5 : dhcp (CESA-2011:1160)
2011-08-17 00:00:00
debian
debian
[SECURITY] [DSA 2292-1] ISC DHCP security update
2011-08-11 05:33:46
fedora
fedora
[SECURITY] Fedora 15 Update: dhcp-4.2.1-10.P1.fc15
2011-08-26 18:50:32
[SECURITY] Fedora 16 Update: dhcp-4.2.2-1.fc16
2011-08-22 15:08:46
[SECURITY] Fedora 15 Update: dhcp-4.2.1-14.P1.fc15
2012-01-02 21:49:27
securityvulns
securityvulns
ISC DHCPD DoS
2011-08-17 00:00:00
[SECURITY] [DSA 2292-1] ISC DHCP security update
2011-08-17 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-04-11 00:00:00
ubuntu
ubuntu
DHCP vulnerabilities
2011-08-15 00:00:00
centos
centos
dhclient, dhcp, libdhcp4client security update
2011-08-16 13:04:38
oraclelinux
oraclelinux
dhcp security update
2011-08-15 00:00:00
freebsd
freebsd
isc-dhcp-server -- server halt upon processing certain packets
2011-08-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:44
Denial Of Service (DoS)
2020-04-10 01:03:45
ubuntucve
ubuntucve
CVE-2011-2748
2011-08-11 00:00:00
CVE-2011-2749
2011-08-11 00:00:00
debiancve
debiancve
CVE-2011-2748
2011-08-15 21:55:02
CVE-2011-2749
2011-08-15 21:55:02
nvd
nvd
CVE-2011-2749
2011-08-15 21:55:02
CVE-2011-2748
2011-08-15 21:55:02
cvelist
cvelist
CVE-2011-2748
2011-08-15 21:00:00
CVE-2011-2749
2011-08-15 21:00:00
cve
cve
CVE-2011-2749
2011-08-15 21:55:02
CVE-2011-2748
2011-08-15 21:55:02
checkpoint_advisories
checkpoint_advisories
ISC DHCP Server Packet Processing Denial of Service (CVE-2011-2748)
2011-12-06 00:00:00
prion
prion
Code injection
2011-08-15 21:55:00
Code injection
2011-08-15 21:55:00
gentoo
gentoo
ISC DHCP: Denial of service
2013-01-09 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.963 High

EPSS

Percentile

99.6%

JSON
Related for MANDRIVA_MDVSA-2011-128.NASL
openvas28redhat1nessus17debian1fedora4securityvulns4ubuntu1centos1oraclelinux1freebsd1veracode2ubuntucve2debiancve2nvd2cvelist2cve2checkpoint_advisories1prion2gentoo1