CVE-2011-2748
published 2011-08-15
CVE-2011-2748: The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service…
Priority P350 · high · 7.8 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 38.77% (98.4th percentile)
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | isc-dhcp | < isc-dhcp 4.2.2-1 (bookworm) | isc-dhcp 4.2.2-1 (bookworm) |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered by a crafted/malformed DHCP packet sent to the ISC DHCP server, causing daemon exit (DoS). Monitor for unexpected dhcpd process termination or crashes following receipt of malformed DHCP traffic.
- The attack is remotely exploitable over the network against the DHCP server daemon (dhcpd). Any remote attacker able to send DHCP packets to the server can trigger the flaw.
- Two related flaws (CVE-2011-2748 and CVE-2011-2749) affect the same ISC DHCP server codebase and can both be used to halt the daemon via crafted packets. Detection logic should cover both CVEs together.
- Affected versions are ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3. Fixed versions are 3.1-ESV-R3, 4.1-ESV-R3, and 4.2.2.
CVSS provenance
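| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |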
Ubuntu
DHCP vulnerabilities
vendor_ubuntu·2011-08-15
CVE-2011-2748 DHCP vulnerabilities
Title: DHCP vulnerabilities
Summary: An attacker could send crafted input to DHCP and cause it to crash.
David Zych discovered that DHCP incorrectly handled certain malformed
packets. A remote attacker could use this issue to cause DHCP to crash,
resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
dhcp: denial of service flaws
vendor_redhat·2011-08-10·CVSS 7.8
CVE-2011-2748 [HIGH] dhcp: denial of service flaws
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
Debian
CVE-2011-2748: isc-dhcp - The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and ...
vendor_debian·2011·CVSS 7.8
CVE-2011-2748 [HIGH] CVE-2011-2748: isc-dhcp - The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and ...
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
Scope: local
bookworm: resolved (fixed in 4.2.2-1)
bullseye: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
GHSA
GHSA-xm4m-62pf-w44f: The server in ISC DHCP 3
ghsa_unreviewed·2022-05-13
CVE-2011-2748 [HIGH] CWE-20 GHSA-xm4m-62pf-w44f: The server in ISC DHCP 3
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
OSV
CVE-2011-2748: The server in ISC DHCP 3
osv·2011-08-15·CVSS 7.8
CVE-2011-2748 [HIGH] CVE-2011-2748: The server in ISC DHCP 3
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2748 CVE-2011-2749 dhcp various flaws [fedora-all]
bugzilla·2011-08-11·CVSS 7.8
CVE-2011-2748 [HIGH] CVE-2011-2748 CVE-2011-2749 dhcp various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=729382
Please note: this issue affects multiple supported vers
Bugzilla
CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws
bugzilla·2011-08-09·CVSS 7.8
CVE-2011-2748 [HIGH] CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws
Two flaws were found that could be used to cause the ISC DHCP server to halt when processing certain packets [1]. These could be used by an attacker to cause a denial of service for DHCP services.
These flaws are corrected in upstream versions 3.1-ESV-R3, 4.1-ESV-R3 and 4.2.2.
[1] http://www.isc.org/software/dhcp/advisories/cve-2011-2748
Discussion:
This is now public.
---
Created attachment 517663
upstream 3.1-ESV-R1 -> 3.1-ESV-R3 patch
Extracted patch from diffing R1 to R3 and removing all the extraneous copyright/CVS Id/non-code changes, so it should fix both flaws in 3.x versions of dhcp.
---
Created attachment 517665
patch for dhcp-3.0.5 (RHEL-5)
(In reply to comment #3)
> Created attachment 517663 [details]
> upstre
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html
- http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html
- http://redmine.pfsense.org/issues/1888
- http://secunia.com/advisories/45582
- http://secunia.com/advisories/45595
- http://secunia.com/advisories/45629
- http://secunia.com/advisories/45639
- http://secunia.com/advisories/45817
- http://secunia.com/advisories/45918
- http://secunia.com/advisories/46780
- http://security.gentoo.org/glsa/glsa-201301-06.xml
- http://securitytracker.com/id?1025918
- http://www.debian.org/security/2011/dsa-2292
- http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html
- http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html
- http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html
- http://www.isc.org/software/dhcp/advisories/cve-2011-2748
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:128
- http://www.redhat.com/support/errata/RHSA-2011-1160.html
- http://www.securityfocus.com/bid/49120
- http://www.ubuntu.com/usn/USN-1190-1
- https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=729382
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69139
- https://hermes.opensuse.org/messages/11695711
Published: 2011-08-15