CVE-2009-1892 - OpenCVE

dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Isc	Dhcp

Configuration 1 [-]

OR	cpe:2.3:a:isc:dhcp:3.0.4:::::::*
	cpe:2.3:a:isc:dhcp:3.0.4_b1:::::::*
	cpe:2.3:a:isc:dhcp:3.0.4_b2:::::::*
	cpe:2.3:a:isc:dhcp:3.0.4_b3:::::::*
	cpe:2.3:a:isc:dhcp:3.1.1:::::::*

References

Link	Resource
http://secunia.com/advisories/35830	Vendor Advisory
http://secunia.com/advisories/35851	Vendor Advisory
http://secunia.com/advisories/36457
http://secunia.com/advisories/37342
http://www.debian.org/security/2009/dsa-1833	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:154
http://www.securityfocus.com/bid/35669	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/51717
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2009-07-17T16:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-06-02T00:00:00

Link: CVE-2009-1892

JSON object: View

NVD Information

Status : Modified

Published: 2009-07-17T16:30:00.843

Modified: 2017-08-17T01:30:33.367

Link: CVE-2009-1892

JSON object: View

Redhat Information

No data.

CWE

CWE-16

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "35830", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35830"}, {"name": "dhcp-dhcp-dos(51717)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717"}, {"name": "FEDORA-2009-9075", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"}, {"name": "DSA-1833", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1833"}, {"name": "35669", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35669"}, {"name": "37342", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37342"}, {"name": "35851", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35851"}, {"name": "36457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36457"}, {"name": "MDVSA-2009:154", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154"}, {"name": "FEDORA-2009-8344", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1892", "datePublished": "2009-07-17T16:00:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1269D9FF-C497-4FA5-90DA-302A9FC1EB75", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b1:*:*:*:*:*:*:*", "matchCriteriaId": "34BCCA79-76A8-494A-94CA-BB8FA11891DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b2:*:*:*:*:*:*:*", "matchCriteriaId": "5442D329-81D5-4891-A063-FC6A07D7E1FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4_b3:*:*:*:*:*:*:*", "matchCriteriaId": "14F64C1F-92E7-4190-9472-046F34C28539", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "22D732C6-F89B-4FCA-A949-3F67B4E7A7F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests."}, {"lang": "es", "value": "dhcpd en ISC DHCP v3.0.4 y v3.1.1, cuando se utilizan de forma simult\u00e1nea el identificador de cliente dhcp y la configuraci\u00f3n de hardware ethernet, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n no especificada."}], "id": "CVE-2009-1892", "lastModified": "2017-08-17T01:30:33.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-17T16:30:00.843", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35830"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35851"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36457"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37342"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.debian.org/security/2009/dsa-1833"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:154"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35669"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51717"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. Red Hat Enterprise Linux 3, 4, and 5 provide earlier versions of ISC DHCP which are not vulnerable to this issue.", "lastModified": "2009-07-20T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}