Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1833-1
HistoryJul 14, 2009 - 12:00 a.m.

dhcp3 - arbitrary code execution

2009-07-1400:00:00
Google
osv.dev
15

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.073 Low

EPSS

Percentile

93.1%

JSON

Several remote vulnerabilities have been discovered in ISC’s DHCP
implementation:

  • CVE-2009-0692
    It was discovered that dhclient does not properly handle overlong
    subnet mask options, leading to a stack-based buffer overflow and
    possible arbitrary code execution.
  • CVE-2009-1892
    Christoph Biedl discovered that the DHCP server may terminate when
    receiving certain well-formed DHCP requests, provided that the server
    configuration mixes host definitions using “dhcp-client-identifier”
    and “hardware ethernet”. This vulnerability only affects the lenny
    versions of dhcp3-server and dhcp3-server-ldap.

For the old stable distribution (etch), these problems have been fixed
in version 3.0.4-13+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 3.1.1-6+lenny2.

For the unstable distribution (sid), these problems will be fixed
soon.

We recommend that you upgrade your dhcp3 packages.

CPENameOperatorVersion
dhcp3eq3.1.1-6

Related

openvas 47
nessus 26
fedora 3
securityvulns 4
debian 2
osv 1
oraclelinux 2
exploitpack 1
ubuntu 2
checkpoint_advisories 2
redhat 2
seebug 5
cve 2
cert 1
prion 2
gentoo 2
checkpoint_security 1
debiancve 1
ubuntucve 2
packetstorm 1
slackware 1
exploitdb 2
freebsd 1
threatpost 1
centos 1
suse 1
vmware 2
openvas
openvas
Debian Security Advisory DSA 1833-2 (dhcp3)
2009-09-02 00:00:00
Fedora Core 10 FEDORA-2009-8344 (dhcp)
2009-09-02 00:00:00
Debian Security Advisory DSA 1833-1 (dhcp3)
2009-07-29 00:00:00
nessus
nessus
Debian DSA-1833-1 : dhcp3 - several vulnerabilities
2010-02-24 00:00:00
Fedora 11 : dhcp-4.1.0p1-4.fc11 (2009-9075)
2009-11-11 00:00:00
Fedora 10 : dhcp-4.0.0-37.fc10 (2009-8344)
2009-08-26 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-4.fc11
2009-11-10 17:47:15
[SECURITY] Fedora 10 Update: dhcp-4.0.0-37.fc10
2009-08-25 22:12:17
[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-6.fc11
2010-06-24 16:20:01
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-15 00:00:00
ISC DHCP client buffer overflow
2009-07-15 00:00:00
[security bulletin] HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access
2010-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution
2009-08-25 19:57:28
[SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
2009-07-14 19:33:29
osv
osv
dhcp3 - arbitrary code execution
2009-07-14 00:00:00
oraclelinux
oraclelinux
dhcp security update
2009-07-14 00:00:00
dhcp security update
2009-07-14 00:00:00
exploitpack
exploitpack
ISC DHCP dhclient 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
ubuntu
ubuntu
Dhcp vulnerability
2010-01-27 00:00:00
dhcp vulnerability
2009-07-14 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC DHCP dhclient script_write_params Stack Buffer Overflow (CVE-2009-0692)
2010-02-03 00:00:00
Preemptive Protection against DHCP Stack Overflow in 'dhclient' script_write_params()
2009-07-17 00:00:00
redhat
redhat
(RHSA-2009:1136) Critical: dhcp security update
2009-07-14 00:00:00
(RHSA-2009:1154) Critical: dhcp security update
2009-07-14 00:00:00
seebug
seebug
ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC
2009-07-28 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability
2014-07-01 00:00:00
ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
cve
cve
CVE-2009-0692
2009-07-14 20:30:00
CVE-2009-1892
2009-07-17 16:30:00
cert
cert
ISC DHCP dhclient stack buffer overflow
2009-07-14 00:00:00
prion
prion
Code injection
2009-07-17 16:30:00
Stack overflow
2009-07-14 20:30:00
gentoo
gentoo
ISC DHCP: dhcpd Denial of service
2009-08-18 00:00:00
ISC DHCP: dhcpclient Remote execution of arbitrary code
2009-07-14 00:00:00
checkpoint_security
checkpoint_security
Check Point response to ISC DHCP dhclient buffer overflow vulnerability (CVE-2009-0692)
2009-07-14 21:00:00
debiancve
debiancve
CVE-2009-1892
2009-07-17 16:30:00
ubuntucve
ubuntucve
CVE-2009-1892
2009-07-17 00:00:00
CVE-2009-0692
2009-07-14 00:00:00
packetstorm
packetstorm
ISC DHCP dhclient Buffer Overflow
2009-07-28 00:00:00
slackware
slackware
dhcp
2009-07-14 17:34:59
exploitdb
exploitdb
ISC DHCP 'dhclient' 'script_write_params' - Stack Buffer Overflow Vulnerability
2009-11-10 00:00:00
ISC DHCP dhclient < 3.1.2p1 - Remote Buffer Overflow (PoC)
2009-07-27 00:00:00
freebsd
freebsd
isc-dhcp-client -- Stack overflow vulnerability
2009-07-14 00:00:00
threatpost
threatpost
Critical RCE Bug Found Lurking in Avaya VoIP Phones
2019-08-08 20:00:50
centos
centos
dhclient, dhcp security update
2009-07-15 19:59:01
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.073 Low

EPSS

Percentile

93.1%

JSON
Related for OSV:DSA-1833-1
openvas47nessus26fedora3securityvulns4debian2osv1oraclelinux2exploitpack1ubuntu2checkpoint_advisories2redhat2seebug5cve2cert1prion2gentoo2checkpoint_security1debiancve1ubuntucve2packetstorm1slackware1exploitdb2freebsd1threatpost1centos1suse1vmware2