ISC DHCP Client Identifier Infinite Loop Lets Remote Users Deny Service

SecurityTracker Alert ID: 1027299
SecurityTracker URL: http://securitytracker.com/id/1027299
CVE Reference: CVE-2012-3571
Date: Jul 25 2012
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 4.2 to 4.2.4; 4.1-ESV through 4.1-ESV-R5; 4.1.2, 4.1.2-P1

Description:
A vulnerability was reported in ISC DHCP. A remote user on the local network can cause denial of service conditions.
A remote user on the local network can send a specially crafted client identifier parameter value to cause the service to enter an infinite loop, preventing the processing of subsequent client requests and consuming excessive CPU resources on the target system.
Markus Hietava of the Codenomicon CROSS project reported this vulnerability via CERT-FI.

Impact:
A remote user on the local network can cause the target service to consume excessive CPU resources on the target system.

Solution:
The vendor has issued a fix (4.1-ESV-R6, 4.2.4-P1).
The vendor's advisory is available at:
https://kb.isc.org/article/AA-00712

Vendor URL: kb.isc.org/article/AA-00712

Cause: State error

Underlying OS: Linux (Any), UNIX (Any)

Source Message Contents

Date: Wed, 25 Jul 2012 22:12:08 +0000
Subject: ISC DHCP

https://kb.isc.org/article/AA-00712
CVE-2012-3571