CVE-2003-0039
published 2003-02-07
CVE-2003-0039: ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain…
Priority P420 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
7.95%
94.0th percentile
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | dhcpd | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-h2v9-xvmg-qcc7: ISC dhcrelay (dhcp-relay) 3
ghsa_unreviewed·2022-04-29
Red Hat
security flaw
vendor_redhat·2003-01-15·CVSS 5.0
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0039 security flaw
bugzilla·2018-08-16·CVSS 5.0
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
Bugzilla
CVE-2012-0039 glib2: hash table collisions CPU usage DoS
bugzilla·2012-01-09·CVSS 7.5
It was reported [1] (and the original report [2]) that glib2 also suffers from algorithmic complexity attacks as described in oCERT-2011-003. While this was originally reported to upstream in 2003, it does not look as though anything was done to correct the problem. According to the Debian report, current glib2 is still vulnerable.
Doing a lookup on other g_str_hash() functions, the following packages may also be vulnerable if they copied code from glib2:
arts-1.5.10/flow/gsl/gslglib.c:172: guint g_str_hash (gconstpointer key)
gettext-0.17/gettext-tools/gnulib-lib/glib/gstring.c:97: g_str_hash (gconstpointer v)
pkg-config-0.23/glib-1.2.10/gstring.c:72: g_str_hash (gconstpointer key)
In addition to the above, the following are als
http://cc.turbolinux.com/security/TLSA-2003-26.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616
http://marc.info/?l=bugtraq&m=104310927813830&w=2
http://www.debian.org/security/2003/dsa-245
http://www.kb.cert.org/vuls/id/149953
http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html
http://www.redhat.com/support/errata/RHSA-2003-034.html
http://www.securityfocus.com/bid/6628
https://exchange.xforce.ibmcloud.com/vulnerabilities/11187
2003-02-07
Published