PT-2012-1063 · Isc+3 · Dhcp+3

Glen Eustace · Published 2012-07-25 · Updated 2024-06-15 · CVE-2012-3954

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

dhcp versions 4.1.1 through 4.2.3
dhcp versions prior to 4.2.4-P1
dhcp versions prior to 4.1-ESV-R6

Description

Multiple vulnerabilities in the dhcp package can lead to a denial of service through memory consumption. They can be exploited remotely by sending many requests, which disrupts availability.

Recommendations

For versions 4.1.1, update to version 4.1-ESV-R6 or later. For versions 4.2.x prior to 4.2.4-P1, update to version 4.2.4-P1 or later. As a temporary workaround, consider restricting access to the dhcp service to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-05959
BDU:2015-06086
BDU:2015-06088
BDU:2015-06089
BDU:2015-06091
BDU:2015-08873
BDU:2015-08874
BDU:2015-08875
BDU:2015-08876
BDU:2015-09699
CESA-2012_1141
CVE-2012-3954
DSA-2516-1
DSA-2519-1
DSA-2519-2
OPENSUSE-SU-2024:10358-1
RHSA-2012:1141
RHSA-2012_1141

Affected Products

CentOS
Red Hat
SUSE
Dhcp