Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2012-031
HistoryJan 05, 2012 - 8:58 p.m.

Medium: dhcp

2012-01-0520:58:00
alas.aws.amazon.com
14

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Issue Overview:

A denial of service flaw was found in the way the dhcpd daemon handled DHCP request packets when regular expression matching was used in “/etc/dhcp/dhcpd.conf”. A remote attacker could use this flaw to crash dhcpd. (CVE-2011-4539)

Affected Packages:

dhcp

Issue Correction:
Run yum update dhcp to update your system.

New Packages:

i686:  
    dhcp-devel-4.1.1-25.P1.14.amzn1.i686  
    dhclient-4.1.1-25.P1.14.amzn1.i686  
    dhcp-4.1.1-25.P1.14.amzn1.i686  
    dhcp-debuginfo-4.1.1-25.P1.14.amzn1.i686  
    dhcp-common-4.1.1-25.P1.14.amzn1.i686  
  
src:  
    dhcp-4.1.1-25.P1.14.amzn1.src  
  
x86_64:  
    dhcp-4.1.1-25.P1.14.amzn1.x86_64  
    dhclient-4.1.1-25.P1.14.amzn1.x86_64  
    dhcp-devel-4.1.1-25.P1.14.amzn1.x86_64  
    dhcp-common-4.1.1-25.P1.14.amzn1.x86_64  
    dhcp-debuginfo-4.1.1-25.P1.14.amzn1.x86_64

Additional References

Red Hat: CVE-2011-4539

Mitre: CVE-2011-4539

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686dhcp-devel< 4.1.1-25.P1.14.amzn1dhcp-devel-4.1.1-25.P1.14.amzn1.i686.rpm
Amazon Linux1i686dhclient< 4.1.1-25.P1.14.amzn1dhclient-4.1.1-25.P1.14.amzn1.i686.rpm
Amazon Linux1i686dhcp< 4.1.1-25.P1.14.amzn1dhcp-4.1.1-25.P1.14.amzn1.i686.rpm
Amazon Linux1i686dhcp-debuginfo< 4.1.1-25.P1.14.amzn1dhcp-debuginfo-4.1.1-25.P1.14.amzn1.i686.rpm
Amazon Linux1i686dhcp-common< 4.1.1-25.P1.14.amzn1dhcp-common-4.1.1-25.P1.14.amzn1.i686.rpm
Amazon Linux1x86_64dhcp< 4.1.1-25.P1.14.amzn1dhcp-4.1.1-25.P1.14.amzn1.x86_64.rpm
Amazon Linux1x86_64dhclient< 4.1.1-25.P1.14.amzn1dhclient-4.1.1-25.P1.14.amzn1.x86_64.rpm
Amazon Linux1x86_64dhcp-devel< 4.1.1-25.P1.14.amzn1dhcp-devel-4.1.1-25.P1.14.amzn1.x86_64.rpm
Amazon Linux1x86_64dhcp-common< 4.1.1-25.P1.14.amzn1dhcp-common-4.1.1-25.P1.14.amzn1.x86_64.rpm
Amazon Linux1x86_64dhcp-debuginfo< 4.1.1-25.P1.14.amzn1dhcp-debuginfo-4.1.1-25.P1.14.amzn1.x86_64.rpm

Related

redhat 2
veracode 1
openvas 31
securityvulns 1
nessus 19
prion 1
fedora 6
ubuntucve 1
freebsd 1
cve 1
debiancve 1
oraclelinux 1
centos 1
ubuntu 1
debian 2
slackware 1
osv 2
gentoo 1
redhat
redhat
(RHSA-2011:1819) Moderate: dhcp security update
2011-12-14 00:00:00
(RHSA-2011:1850) Important: rhev-hypervisor6 security and bug fix update
2011-12-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:07:23
openvas
openvas
Ubuntu: Security Advisory (USN-1309-1)
2011-12-16 00:00:00
FreeBSD Ports: isc-dhcp42-server
2012-02-13 00:00:00
Mandriva Update for dhcp MDVSA-2011:182 (dhcp)
2011-12-09 00:00:00
securityvulns
securityvulns
ISC DHCP DoS
2011-12-11 00:00:00
nessus
nessus
FreeBSD : isc-dhcp-server -- Remote DoS (93be487e-211f-11e1-89b4-001ec9578670)
2011-12-08 00:00:00
openSUSE Security Update : dhcp (openSUSE-2011-68)
2014-06-13 00:00:00
Oracle Solaris Third-Party Patch Update : isc-dhcp (cve_2011_4539_denial_of)
2015-01-19 00:00:00
prion
prion
Design/Logic Flaw
2011-12-08 11:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: dhcp-4.2.3-4.P1.fc16
2011-12-14 23:32:30
[SECURITY] Fedora 16 Update: dhcp-4.2.3-5.P2.fc16
2012-01-22 05:25:38
[SECURITY] Fedora 15 Update: dhcp-4.2.1-14.P1.fc15
2012-01-02 21:49:27
ubuntucve
ubuntucve
CVE-2011-4539
2011-12-08 00:00:00
freebsd
freebsd
isc-dhcp-server -- Remote DoS
2011-12-07 00:00:00
cve
cve
CVE-2011-4539
2011-12-08 11:55:00
debiancve
debiancve
CVE-2011-4539
2011-12-08 11:55:00
oraclelinux
oraclelinux
dhcp security update
2011-12-16 00:00:00
centos
centos
dhclient, dhcp security update
2011-12-22 15:44:59
ubuntu
ubuntu
DHCP vulnerability
2011-12-15 00:00:00
debian
debian
[SECURITY] [DSA 2519-1] isc-dhcp security update
2012-08-01 18:34:11
[SECURITY] [DSA 2519-2] isc-dhcp regression
2012-08-04 11:10:27
slackware
slackware
[slackware-security] dhcp
2012-08-24 22:54:35
osv
osv
isc-dhcp - denial of service
2012-08-04 00:00:00
isc-dhcp - denial of service
2012-08-04 00:00:00
gentoo
gentoo
ISC DHCP: Denial of service
2013-01-09 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON
Related for ALAS-2012-031
redhat2veracode1openvas31securityvulns1nessus19prion1fedora6ubuntucve1freebsd1cve1debiancve1oraclelinux1centos1ubuntu1debian2slackware1osv2gentoo1