Vulnerabilities > CVE-2010-2156 - Numeric Errors vulnerability in ISC Dhcp
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 15 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ISC-DHCPD Denial of Service. CVE-2010-2156. Dos exploits for multiple platform |
file | exploits/multiple/dos/14185.py |
id | EDB-ID:14185 |
last seen | 2016-02-01 |
modified | 2010-07-03 |
platform | multiple |
port | |
published | 2010-07-03 |
reporter | sid |
source | https://www.exploit-db.com/download/14185/ |
title | ISC-DHCPD Denial of Service |
type | dos |
Metasploit
description | This module performs a Denial of Service Attack against the ISC DHCP server, versions 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1. It sends out a DHCP Request message with a 0-length client_id option for an IP address on the appropriate range for the dhcp server. When ISC DHCP Server tries to hash this value it exits abnormally. |
id | MSF:AUXILIARY/DOS/DHCP/ISC_DHCPD_CLIENTID |
last seen | 2020-03-03 |
modified | 2019-03-05 |
published | 2011-04-11 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb |
title | ISC DHCP Zero Length ClientID Denial of Service Module |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-10083.NASL description Fix for CVE-2010-2156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47209 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47209 title Fedora 11 : dhcp-4.1.0p1-6.fc11 (2010-10083) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-10083. # include("compat.inc"); if (description) { script_id(47209); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-2156"); script_bugtraq_id(35668, 35669, 40775); script_xref(name:"FEDORA", value:"2010-10083"); script_name(english:"Fedora 11 : dhcp-4.1.0p1-6.fc11 (2010-10083)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for CVE-2010-2156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=601403" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/043344.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c7800204" ); script_set_attribute(attribute:"solution", value:"Update the affected dhcp package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dhcp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC11", reference:"dhcp-4.1.0p1-6.fc11")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-114.NASL description A vulnerability has been found and corrected in dhcp : ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID (CVE-2010-2156). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 48187 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48187 title Mandriva Linux Security Advisory : dhcp (MDVSA-2010:114) NASL family Fedora Local Security Checks NASL id FEDORA_2010-17303.NASL description - Thu Nov 4 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 (#649880) - Wed Oct 13 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-26.P1 - Server was ignoring client last seen 2020-06-01 modified 2020-06-02 plugin id 50682 published 2010-11-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50682 title Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303) NASL family Fedora Local Security Checks NASL id FEDORA_2010-9433.NASL description This is a patch release of ISC DHCP 4.1.1, which contains a pair of bug fixes including one for a security related bug. http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47535 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47535 title Fedora 13 : dhcp-4.1.1-22.P1.fc13 (2010-9433) NASL family Fedora Local Security Checks NASL id FEDORA_2010-9479.NASL description This is a patch release of ISC DHCP 4.1.1, which contains a pair of bug fixes including one for a security related bug. http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47536 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47536 title Fedora 12 : dhcp-4.1.1-17.P1.fc12 (2010-9479)
Packetstorm
data source | https://packetstormsecurity.com/files/download/91440/iscdhcpd-dos.txt |
id | PACKETSTORM:91440 |
last seen | 2016-12-05 |
published | 2010-07-03 |
reporter | sid |
source | https://packetstormsecurity.com/files/91440/ISC-DHCPd-Denial-Of-Service.html |
title | ISC DHCPd Denial Of Service |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:69254 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-69254 |
title | ISC-DHCPD Denial of Service |
References
- http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES
- http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html
- http://secunia.com/advisories/40116
- http://www.exploit-db.com/exploits/14185
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:114
- http://www.securityfocus.com/bid/40775
- http://www.securitytracker.com/id?1024093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59222