Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2012-153.NASL
HistoryOct 03, 2012 - 12:00 a.m.

Mandriva Linux Security Advisory : dhcp (MDVSA-2012:153-1)

2012-10-0300:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
18
JSON

A security issue was identified and fixed in dhcp :

ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced (CVE-2012-3955).

The updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:153. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(62402);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2012-3955");
  script_bugtraq_id(55530);
  script_xref(name:"MDVSA", value:"2012:153-1");

  script_name(english:"Mandriva Linux Security Advisory : dhcp (MDVSA-2012:153-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A security issue was identified and fixed in dhcp :

ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows
remote attackers to cause a denial of service (daemon crash) in
opportunistic circumstances by establishing an IPv6 lease in an
environment where the lease expiration time is later reduced
(CVE-2012-3955).

The updated packages have been patched to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://kb.isc.org/docs/aa-00779"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-relay");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcp-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2011", reference:"dhcp-client-4.2.4-0.P2.0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"dhcp-common-4.2.4-0.P2.0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"dhcp-devel-4.2.4-0.P2.0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"dhcp-doc-4.2.4-0.P2.0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"dhcp-relay-4.2.4-0.P2.0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"dhcp-server-4.2.4-0.P2.0.1-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxdhcp-clientp-cpe:/a:mandriva:linux:dhcp-client
mandrivalinuxdhcp-commonp-cpe:/a:mandriva:linux:dhcp-common
mandrivalinuxdhcp-develp-cpe:/a:mandriva:linux:dhcp-devel
mandrivalinuxdhcp-docp-cpe:/a:mandriva:linux:dhcp-doc
mandrivalinuxdhcp-relayp-cpe:/a:mandriva:linux:dhcp-relay
mandrivalinuxdhcp-serverp-cpe:/a:mandriva:linux:dhcp-server
mandrivalinux2011cpe:/o:mandriva:linux:2011

Related

veracode 1
nessus 18
cve 1
ubuntu 1
openvas 24
securityvulns 2
slackware 1
centos 1
redhat 2
prion 1
debian 1
f5 2
fedora 5
ubuntucve 1
amazon 1
debiancve 1
oraclelinux 1
gentoo 1
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:11
nessus
nessus
Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : dhcp (SSA:2012-258-01)
2012-09-15 00:00:00
Fedora 18 : dhcp-4.2.4-15.P2.fc18 (2012-13910)
2012-09-18 00:00:00
Fedora 17 : dhcp-4.2.4-13.P2.fc17 (2012-14149)
2012-09-27 00:00:00
cve
cve
CVE-2012-3955
2012-09-14 10:33:00
ubuntu
ubuntu
DHCP vulnerability
2012-09-18 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2551-1)
2012-09-26 00:00:00
Mandriva Update for dhcp MDVSA-2012:153-1 (dhcp)
2012-10-03 00:00:00
Debian Security Advisory DSA 2551-1 (isc-dhcp)
2012-09-26 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:153 ] dhcp
2012-09-18 00:00:00
ISC dhcp multiple security vulnerabilities
2012-09-18 00:00:00
slackware
slackware
[slackware-security] dhcp
2012-09-14 22:21:58
centos
centos
dhclient, dhcp security update
2013-02-27 19:34:21
redhat
redhat
(RHSA-2013:0504) Low: dhcp security and bug fix update
2013-02-21 00:00:00
(RHSA-2013:0579) Important: rhev-hypervisor6 security, bug fix, and enhancement update
2013-02-28 00:00:00
prion
prion
Code injection
2012-09-14 10:33:00
debian
debian
[SECURITY] [DSA 2551-1] isc-dhcp security update
2012-09-23 22:16:15
f5
f5
SOL16873 - ISC DHCP vulnerability CVE-2012-3955
2015-07-02 00:00:00
K16873 : ISC DHCP vulnerability CVE-2012-3955
2015-07-02 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: dhcp-4.2.4-15.P2.fc18
2012-09-17 23:13:39
[SECURITY] Fedora 17 Update: dhcp-4.2.4-13.P2.fc17
2012-09-26 08:53:17
[SECURITY] Fedora 17 Update: dhcp-4.2.4-16.P2.fc17
2012-10-19 23:59:48
ubuntucve
ubuntucve
CVE-2012-3955
2012-09-13 00:00:00
amazon
amazon
Low: dhcp
2013-03-02 16:47:00
debiancve
debiancve
CVE-2012-3955
2012-09-14 10:33:00
oraclelinux
oraclelinux
dhcp security and bug fix update
2013-02-22 00:00:00
gentoo
gentoo
ISC DHCP: Denial of service
2013-01-09 00:00:00
JSON
Related for MANDRIVA_MDVSA-2012-153.NASL
veracode1nessus18cve1ubuntu1openvas24securityvulns2slackware1centos1redhat2prion1debian1f52fedora5ubuntucve1amazon1debiancve1oraclelinux1gentoo1