CVE-2012-3571
published 2012-07-25CVE-2012-3571: ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a…
PriorityP430medium6.1CVSS 2.0
AVAACLAuNCNINAC
EXPLOIT
EPSS
12.98%
95.8th percentile
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | isc-dhcp | < isc-dhcp 4.2.4-2 (bookworm) | isc-dhcp 4.2.4-2 (bookworm) |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
CVSS provenance
nvdv2.06.1MEDIUMAV:A/AC:L/Au:N/C:N/I:N/A:C
osv6.1MEDIUM
vendor_debian6.1MEDIUM
vendor_redhat6.1MEDIUM
vendor_ubuntu6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2fx4-27pj-8f74: ISC DHCP 4
ghsa_unreviewed·2022-05-13
CVE-2012-3571 [MEDIUM] CWE-119 GHSA-2fx4-27pj-8f74: ISC DHCP 4
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
OSV
CVE-2012-3571: ISC DHCP 4
osv·2012-07-25·CVSS 6.1
CVE-2012-3571 [MEDIUM] CVE-2012-3571: ISC DHCP 4
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Ubuntu
DHCP vulnerabilities
vendor_ubuntu·2012-07-26·CVSS 6.1
CVE-2012-3571 [MEDIUM] DHCP vulnerabilities
Title: DHCP vulnerabilities
Summary: DHCP could be made to crash if it received specially crafted network
traffic.
Markus Hietava discovered that the DHCP server incorrectly handled certain
malformed client identifiers. A remote attacker could use this issue to
cause DHCP to crash, resulting in a denial of service. (CVE-2012-3571)
Glen Eustace discovered that the DHCP server incorrectly handled memory. A
remote attacker could use this issue to cause DHCP to crash, resulting in a
denial of service. (CVE-2012-3954)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
dhcp: DoS due to error in handling malformed client identifiers
vendor_redhat·2012-07-24·CVSS 6.1
CVE-2012-3571 [MEDIUM] dhcp: DoS due to error in handling malformed client identifiers
dhcp: DoS due to error in handling malformed client identifiers
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Red Hat
OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
vendor_redhat·2012-02-14·CVSS 3.6
CVE-2011-3571 [LOW] OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507.
Package: java-1.6.0-sun (Red Hat Enterprise Linux 4) - Affected
Debian
CVE-2012-3571: isc-dhcp - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attacke...
vendor_debian·2012·CVSS 6.1
CVE-2012-3571 [MEDIUM] CVE-2012-3571: isc-dhcp - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attacke...
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Scope: local
bookworm: resolved (fixed in 4.2.4-2)
bullseye: resolved (fixed in 4.2.4-2)
sid: resolved (fixed in 4.2.4-2)
trixie: resolved (fixed in 4.2.4-2)
No detection rules found.
Bugzilla
CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 dhcp various flaws [fedora-all]
bugzilla·2012-07-24·CVSS 5.7
CVE-2012-3570 [MEDIUM] CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 dhcp various flaws [fedora-all]
CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 dhcp various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&b
Bugzilla
CVE-2012-3571 dhcp: DoS due to error in handling malformed client identifiers
bugzilla·2012-07-23·CVSS 6.1
CVE-2012-3571 [MEDIUM] CVE-2012-3571 dhcp: DoS due to error in handling malformed client identifiers
CVE-2012-3571 dhcp: DoS due to error in handling malformed client identifiers
An error in the handling of malformed client identifiers can cause a DHCP
server running affected versions to enter a state where further client
requests are not processed and the server process loops endlessly,
consuming all available CPU cycles.
Under normal circumstances this condition should not be triggered, but a
non-conforming or malicious client could deliberately trigger it in a
vulnerable server. In order to exploit this condition an attacker must be
able to send requests to the DHCP server .
ISC DHCP versions 4.2.x through to 4.2.4 are affected, as well as 4.1.x. Earlier versions may also be vulnerable.
Acknowledgements:
Upstream acknowledges Markus Hietava of Codenomicon CROSS project as the orig
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1140.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1141.htmlhttp://security.gentoo.org/glsa/glsa-201301-06.xmlhttp://www.debian.org/security/2012/dsa-2516http://www.debian.org/security/2012/dsa-2519http://www.mandriva.com/security/advisories?name=MDVSA-2012:115http://www.mandriva.com/security/advisories?name=MDVSA-2012:116http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/54665http://www.ubuntu.com/usn/USN-1519-1https://kb.isc.org/article/AA-00712http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1140.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1141.htmlhttp://security.gentoo.org/glsa/glsa-201301-06.xmlhttp://www.debian.org/security/2012/dsa-2516http://www.debian.org/security/2012/dsa-2519http://www.mandriva.com/security/advisories?name=MDVSA-2012:115http://www.mandriva.com/security/advisories?name=MDVSA-2012:116http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/54665http://www.ubuntu.com/usn/USN-1519-1https://kb.isc.org/article/AA-00712
2012-07-25
Published