Vulnerabilities > CVE-2010-2156 - Numeric Errors vulnerability in ISC Dhcp

CVSS v2 base score 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
isc
CWE-189
nessus
exploit available
metasploit

Summary

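ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID. The issue is fixed in 4.1.1-P1 and 4.0.2-P1. Because the impact is the server process exiting, an unexpected dhcpd termination on an unpatched host is the observable symptom.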

Vulnerable Configurations

Part Description Count
Application
Isc
15

Common Weakness Enumeration (CWE)

Exploit-Db

description: ISC-DHCPD Denial of Service. CVE-2010-2156. DoS exploits for multiple platforms
file: exploits/multiple/dos/14185.py
id: EDB-ID:14185
last seen: 2016-02-01
modified: 2010-07-03
platform: multiple
port:
published: 2010-07-03
reporter: sid
source: https://www.exploit-db.com/download/14185/
title: ISC-DHCPD Denial of Service
type: dos

Metasploit

description: This module performs a Denial of Service Attack against the ISC DHCP server, versions 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1. It sends out a DHCP Request message with a 0-length client_id option for an IP address on the appropriate range for the dhcp server. When ISC DHCP Server tries to hash this value it exits abnormally.
id: MSF:AUXILIARY/DOS/DHCP/ISC_DHCPD_CLIENTID
last seen: 2020-03-03
modified: 2019-03-05
published: 2011-04-11
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb
title: ISC DHCP Zero Length ClientID Denial of Service Module

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-10083.NASL
    description: Fix for CVE-2010-2156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47209
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47209
    title: Fedora 11 : dhcp-4.1.0p1-6.fc11 (2010-10083)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-10083.
    #
    
    include("compat.inc");
    
    # Description mode: when the script is run with `description` set, only the
    # plugin metadata below is registered and the script exits at the end of
    # this block, before any host check is performed.
    if (description)
    {
      script_id(47209);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2010-2156");
      # NOTE(review): three Bugtraq IDs are attached to a single CVE; confirm
      # that each one maps to CVE-2010-2156 and not to an earlier dhcp issue.
      script_bugtraq_id(35668, 35669, 40775);
      script_xref(name:"FEDORA", value:"2010-10083");
    
      script_name(english:"Fedora 11 : dhcp-4.1.0p1-6.fc11 (2010-10083)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description text only names the CVE; it does not state the impact,
      # so a report reader has to follow the see_also links to learn what the
      # missing update fixes.
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix for CVE-2010-2156
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=601403"
      );
      # Shortened link; the comment below records the Fedora package-announce
      # URL it stands for.
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/043344.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c7800204"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected dhcp package.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # no confidentiality or integrity impact, partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit code (E:POC),
      # official fix available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local": the result is derived from data collected on the host (see the
      # required KB keys below), not from probing the DHCP service remotely.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dhcp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl presumably populates the Host/* KB keys required
      # below -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Metadata registered; nothing below this block runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: decide from cached KB data whether the Fedora 11 host still
    # needs the dhcp update. Each audit() call below is the bail-out path for
    # an unmet precondition (audit() comes from audit.inc, not shown here).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring is not contained in" operator.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the captured major release number.
    os_ver = os_ver[1];
    # Accept Fedora 11 only: "11" must be followed by a non-digit or the end of
    # the string, so a value such as "110" does not match.
    if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386 through i686 are handled; any other architecture is
    # audited as not implemented rather than checked.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    # dhcp-4.1.0p1-6.fc11 is the updated package named in the plugin title.
    # rpm_check() lives in rpm.inc (not shown); presumably it returns true when
    # the installed dhcp package is older than this reference -- confirm.
    # NOTE(review): this is a package-inventory check only. It does not
    # establish whether dhcpd is running or reachable on the host, and a dhcpd
    # installed outside RPM would presumably not appear in the rpm-list.
    if (rpm_check(release:"FC11", reference:"dhcp-4.1.0p1-6.fc11")) flag++;
    
    
    if (flag)
    {
      # Report on port 0; when report_verbosity > 0 the output of
      # rpm_report_get() is attached as extra detail.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # No finding: separate "packages were tested and are not affected" from
      # "no dhcp package was tested at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-114.NASL
    description: A vulnerability has been found and corrected in dhcp : ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID (CVE-2010-2156). The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 48187
    published: 2010-07-30
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/48187
    title: Mandriva Linux Security Advisory : dhcp (MDVSA-2010:114)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-17303.NASL
    description: - Thu Nov 4 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 (#649880) - Wed Oct 13 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-26.P1 - Server was ignoring client
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50682
    published: 2010-11-23
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/50682
    title: Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-9433.NASL
    description: This is a patch release of ISC DHCP 4.1.1, which contains a pair of bug fixes including one for a security related bug. http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47535
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47535
    title: Fedora 13 : dhcp-4.1.1-22.P1.fc13 (2010-9433)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-9479.NASL
    description: This is a patch release of ISC DHCP 4.1.1, which contains a pair of bug fixes including one for a security related bug. http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47536
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47536
    title: Fedora 12 : dhcp-4.1.1-17.P1.fc12 (2010-9479)

Packetstorm

data source: https://packetstormsecurity.com/files/download/91440/iscdhcpd-dos.txt
id: PACKETSTORM:91440
last seen: 2016-12-05
published: 2010-07-03
reporter: sid
source: https://packetstormsecurity.com/files/91440/ISC-DHCPd-Denial-Of-Service.html
title: ISC DHCPd Denial Of Service

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:69254
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-69254
title: ISC-DHCPD Denial of Service