CVE-2011-2749
published 2011-08-15CVE-2011-2749: The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service…
PriorityP350high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
38.77%
98.4th percentile
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | isc-dhcp | < isc-dhcp 4.2.2-1 (bookworm) | isc-dhcp 4.2.2-1 (bookworm) |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →A crafted BOOTP packet sent to the ISC DHCP server can trigger a daemon exit (denial of service); monitor for unexpected dhcpd process termination following receipt of BOOTP traffic. ↗
- →The vulnerability is remotely exploitable with no authentication required; any host able to send BOOTP/DHCP packets (UDP/67) to the server is a potential attacker. ↗
- ·Affected versions are ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3; ensure patched versions are deployed. ↗
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
DHCP vulnerabilities
vendor_ubuntu·2011-08-15
CVE-2011-2748 DHCP vulnerabilities
Title: DHCP vulnerabilities
Summary: An attacker could send crafted input to DHCP and cause it to crash.
David Zych discovered that DHCP incorrectly handled certain malformed
packets. A remote attacker could use this issue to cause DHCP to crash,
resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
dhcp: denial of service flaws
vendor_redhat·2011-08-10·CVSS 7.8
CVE-2011-2749 [HIGH] dhcp: denial of service flaws
dhcp: denial of service flaws
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
Debian
CVE-2011-2749: isc-dhcp - The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and ...
vendor_debian·2011·CVSS 7.8
CVE-2011-2749 [HIGH] CVE-2011-2749: isc-dhcp - The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and ...
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
Scope: local
bookworm: resolved (fixed in 4.2.2-1)
bullseye: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
GHSA
GHSA-r7gx-rv3r-xpf8: The server in ISC DHCP 3
ghsa_unreviewed·2022-05-13
CVE-2011-2749 [HIGH] CWE-20 GHSA-r7gx-rv3r-xpf8: The server in ISC DHCP 3
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
OSV
CVE-2011-2749: The server in ISC DHCP 3
osv·2011-08-15·CVSS 7.8
CVE-2011-2749 [HIGH] CVE-2011-2749: The server in ISC DHCP 3
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2748 CVE-2011-2749 dhcp various flaws [fedora-all]
bugzilla·2011-08-11·CVSS 7.8
CVE-2011-2748 [HIGH] CVE-2011-2748 CVE-2011-2749 dhcp various flaws [fedora-all]
CVE-2011-2748 CVE-2011-2749 dhcp various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=729382
Please note: this issue affects multiple supported vers
Bugzilla
CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws
bugzilla·2011-08-09·CVSS 7.8
CVE-2011-2748 [HIGH] CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws
CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws
Two flaws were found that could be used to cause the ISC DHCP server to halt when processing certain packets [1]. These could be used by an attacker to cause a denial of service for DHCP services.
These flaws are corrected in upstream versions 3.1-ESV-R3, 4.1-ESV-R3 and 4.2.2.
[1] http://www.isc.org/software/dhcp/advisories/cve-2011-2748
Discussion:
This is now public.
---
Created attachment 517663
upstream 3.1-ESV-R1 -> 3.1-ESV-R3 patch
Extracted patch from diffing R1 to R3 and removing all the extraneous copyright/CVS Id/non-code changes, so it should fix both flaws in 3.x versions of dhcp.
---
Created attachment 517665
patch for dhcp-3.0.5 (RHEL-5)
(In reply to comment #3)
> Created attachment 517663 [details]
> upstre
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.htmlhttp://lists.opensuse.org/opensuse-updates/2011-09/msg00014.htmlhttp://secunia.com/advisories/45582http://secunia.com/advisories/45595http://secunia.com/advisories/45629http://secunia.com/advisories/45639http://secunia.com/advisories/45817http://secunia.com/advisories/45918http://secunia.com/advisories/46780http://security.gentoo.org/glsa/glsa-201301-06.xmlhttp://securitytracker.com/id?1025918http://www.debian.org/security/2011/dsa-2292http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.htmlhttp://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.htmlhttp://www.isc.org/files/release-notes/DHCP%204.2.2_0.htmlhttp://www.isc.org/software/dhcp/advisories/cve-2011-2748http://www.mandriva.com/security/advisories?name=MDVSA-2011:128http://www.redhat.com/support/errata/RHSA-2011-1160.htmlhttp://www.securityfocus.com/bid/49120http://www.ubuntu.com/usn/USN-1190-1https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diffhttps://bugzilla.redhat.com/show_bug.cgi?id=729382https://hermes.opensuse.org/messages/11695711http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.htmlhttp://lists.opensuse.org/opensuse-updates/2011-09/msg00014.htmlhttp://secunia.com/advisories/45582http://secunia.com/advisories/45595http://secunia.com/advisories/45629http://secunia.com/advisories/45639http://secunia.com/advisories/45817http://secunia.com/advisories/45918http://secunia.com/advisories/46780http://security.gentoo.org/glsa/glsa-201301-06.xmlhttp://securitytracker.com/id?1025918http://www.debian.org/security/2011/dsa-2292http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.htmlhttp://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.htmlhttp://www.isc.org/files/release-notes/DHCP%204.2.2_0.htmlhttp://www.isc.org/software/dhcp/advisories/cve-2011-2748http://www.mandriva.com/security/advisories?name=MDVSA-2011:128http://www.redhat.com/support/errata/RHSA-2011-1160.htmlhttp://www.securityfocus.com/bid/49120http://www.ubuntu.com/usn/USN-1190-1https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diffhttps://bugzilla.redhat.com/show_bug.cgi?id=729382https://hermes.opensuse.org/messages/11695711
2011-08-15
Published