CVE-2012-3955
published 2012-09-14CVE-2012-3955: ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances…
PriorityP336high7.1CVSS 2.0
AVNACMAuNCNINAC
EPSS
21.65%
97.3th percentile
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | isc-dhcp | < isc-dhcp 4.2.4-2 (bookworm) | isc-dhcp 4.2.4-2 (bookworm) |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
| isc | dhcp | — | — |
CVSS provenance
nvdv2.07.1HIGHAV:N/AC:M/Au:N/C:N/I:N/A:C
osv7.1HIGH
vendor_debian7.1HIGH
vendor_redhat7.1HIGH
vendor_ubuntu7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
DHCP vulnerability
vendor_ubuntu·2012-09-18·CVSS 7.1
CVE-2012-3955 [HIGH] DHCP vulnerability
Title: DHCP vulnerability
Summary: DHCP could be made to crash if it received specially crafted network
traffic.
Glen Eustace discovered that the DHCP server incorrectly handled IPv6
expiration times. A remote attacker could use this issue to cause DHCP to
crash, resulting in a denial of service. This issue only affected Ubuntu
11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3955)
Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped by
using environment variables. This update mitigates the issue by sanitizing
certain variables in the DHCP shell scripts.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
vendor_redhat·2012-09-12·CVSS 7.1
CVE-2012-3955 [HIGH] dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash.
Statement: This issue does not affect the version of dhcp as shipped with Red Hat Enterprise Linux 5.
Package: dhcp (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2012-3955: isc-dhcp - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attacke...
vendor_debian·2012·CVSS 7.1
CVE-2012-3955 [HIGH] CVE-2012-3955: isc-dhcp - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attacke...
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
Scope: local
bookworm: resolved (fixed in 4.2.4-2)
bullseye: resolved (fixed in 4.2.4-2)
sid: resolved (fixed in 4.2.4-2)
trixie: resolved (fixed in 4.2.4-2)
GHSA
GHSA-6xcv-87wr-7rfm: ISC DHCP 4
ghsa_unreviewed·2022-05-13
CVE-2012-3955 [HIGH] GHSA-6xcv-87wr-7rfm: ISC DHCP 4
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
OSV
CVE-2012-3955: ISC DHCP 4
osv·2012-09-14·CVSS 7.1
CVE-2012-3955 [HIGH] CVE-2012-3955: ISC DHCP 4
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
bugzilla·2012-09-12·CVSS 7.1
CVE-2012-3955 [HIGH] CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
A flaw was reported in ISC DHCP [1] where it was found that reducing the expiration time for an active IPv6 lease could possible cause the dhcpd server to crash, resulting in a denial of service condition for clients.
ISC has recommended that when setting a value for the default-least-time option, that it be done in the configuration file and not reduced once set.
This has been corrected in upstream versions 4.1-ESV-R7 and 4.2.4-P2.
[1] https://kb.isc.org/article/AA-00779/75
Discussion:
Created attachment 612210
fix derived from upstream dhcp-4.2.4-P2
---
Created dhcp tracking bugs for this issue
Affects: fedora-all [bug 856770]
---
Created attachment 613622
patch for dhcp-4.1.1-P1 in RHEL-6
e
Bugzilla
CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash [fedora-all]
bugzilla·2012-09-12·CVSS 7.1
CVE-2012-3955 [HIGH] CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash [fedora-all]
CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/upda
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.htmlhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00088.htmlhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00103.htmlhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00105.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0504.htmlhttp://secunia.com/advisories/51318http://security.gentoo.org/glsa/glsa-201301-06.xmlhttp://www.debian.org/security/2012/dsa-2551http://www.mandriva.com/security/advisories?name=MDVSA-2012:153http://www.securityfocus.com/bid/55530http://www.securitytracker.com/id?1027528http://www.ubuntu.com/usn/USN-1571-1https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_ofhttps://kb.isc.org/article/AA-00779http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.htmlhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00088.htmlhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00103.htmlhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00105.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0504.htmlhttp://secunia.com/advisories/51318http://security.gentoo.org/glsa/glsa-201301-06.xmlhttp://www.debian.org/security/2012/dsa-2551http://www.mandriva.com/security/advisories?name=MDVSA-2012:153http://www.securityfocus.com/bid/55530http://www.securitytracker.com/id?1027528http://www.ubuntu.com/usn/USN-1571-1https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_ofhttps://kb.isc.org/article/AA-00779
2012-09-14
Published