Lucene search

[email protected]CVE-2009-0692

HistoryJul 14, 2009 - 8:30 p.m.

CVE-2009-0692

2009-07-1420:30:00

CWE-119

[email protected]

web.nvd.nist.gov

isc dhcp

cve-2009-0692

buffer overflow

security vulnerability

remote code execution

7.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

94.1%

JSON

Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.

CPENameOperatorVersion
isc:dhcpisc dhcpeq4.1.0
isc:dhcpisc dhcpeq2.0
isc:dhcpisc dhcpeq3.0
isc:dhcpisc dhcpeq3.1
isc:dhcpisc dhcpeq4.0

CPE	Name	Operator	Version
isc:dhcp	isc dhcp	eq	4.1.0
isc:dhcp	isc dhcp	eq	2.0
isc:dhcp	isc dhcp	eq	3.0
isc:dhcp	isc dhcp	eq	3.1
isc:dhcp	isc dhcp	eq	4.0

References

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc

itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083

lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html

secunia.com/advisories/35785

secunia.com/advisories/35829

secunia.com/advisories/35830

secunia.com/advisories/35831

secunia.com/advisories/35832

secunia.com/advisories/35841

secunia.com/advisories/35849

secunia.com/advisories/35850

secunia.com/advisories/35851

secunia.com/advisories/35880

secunia.com/advisories/36457

secunia.com/advisories/37342

secunia.com/advisories/40551

security.gentoo.org/glsa/glsa-200907-12.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471

www.debian.org/security/2009/dsa-1833

www.kb.cert.org/vuls/id/410676

www.mandriva.com/security/advisories?name=MDVSA-2009:151

www.osvdb.org/55819

www.redhat.com/support/errata/RHSA-2009-1136.html

www.redhat.com/support/errata/RHSA-2009-1154.html

www.securityfocus.com/bid/35668

www.securitytracker.com/id?1022548

www.ubuntu.com/usn/usn-803-1

www.vupen.com/english/advisories/2009/1891

www.vupen.com/english/advisories/2010/1796

bugzilla.redhat.com/show_bug.cgi?id=507717

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941

www.isc.org/downloadables/12

www.isc.org/node/468

www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html

7.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.076 Low

EPSS

Percentile

94.1%

JSON

CVE-2009-0692

References

Related