PT-2012-1063 · Isc+3 · Dhcp+3

Glen Eustace · Published 2012-07-25 · Updated 2024-06-15 · CVE-2012-3954

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

dhcp versions 4.1.1 through 4.2.3
dhcp versions prior to 4.2.4-P1
dhcp versions prior to 4.1-ESV-R6

Description

The issue involves multiple vulnerabilities in the dhcp package that can lead to a denial of service due to memory consumption. These vulnerabilities can be exploited remotely by sending many requests, causing disruption to the availability of protected information.

Recommendations

For versions 4.1.1, update to version 4.1-ESV-R6 or later. For versions 4.2.x prior to 4.2.4-P1, update to version 4.2.4-P1 or later. As a temporary workaround, consider restricting access to the dhcp service to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

RCE


Weakness Enumeration

Related identifiers

BDU:2015-05959
BDU:2015-06086
BDU:2015-06088
BDU:2015-06089
BDU:2015-06091
BDU:2015-08873
BDU:2015-08874
BDU:2015-08875
BDU:2015-08876
BDU:2015-09699
CESA-2012_1141
CVE-2012-3954
DSA-2516-1
DSA-2519-1
DSA-2519-2
OPENSUSE-SU-2024:10358-1
RHSA-2012:1141
RHSA-2012_1141

Affected products

CentOS
Red Hat
SUSE
Dhcp