Vulnerabilities > ISC > Dhcp > 4.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-01-15 | CVE-2011-4868 | Resource Management Errors vulnerability in ISC Dhcp The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update. | 6.1 |
2011-12-08 | CVE-2011-4539 | Improper Input Validation vulnerability in multiple products dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. | 5.0 |
2011-08-15 | CVE-2011-2749 | Improper Input Validation vulnerability in multiple products The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. | 7.8 |
2011-08-15 | CVE-2011-2748 | Improper Input Validation vulnerability in multiple products The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. | 7.8 |
2011-04-08 | CVE-2011-0997 | Improper Input Validation vulnerability in multiple products dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | 7.5 |
2011-01-31 | CVE-2011-0413 | Improper Input Validation vulnerability in ISC Dhcp The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address. | 7.8 |
2010-12-17 | CVE-2010-3616 | Improper Input Validation vulnerability in ISC Dhcp 4.2.0 ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520. | 5.0 |
2010-11-04 | CVE-2010-3611 | Denial of Service vulnerability in ISC DHCP Server Relay-Forward Empty Link-Address Field ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. network isc | 4.3 |