CVE-2009-1892
MEDIUM severity · CVSS 5 · CWE-16
5CVSS MEDIUM
Summary
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impactNone
Availability impact—
Exploit probability (EPSS)9%
AV:N/AC:L/Au:N/C:N/I:N/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://www.debian.org/security/2009/dsa-1833 ↗
Additional information
- NVD record
- http://www.debian.org/security/2009/dsa-1833Patch
- http://www.securityfocus.com/bid/35669Patch
- http://secunia.com/advisories/35830Advisory
- http://secunia.com/advisories/35851Advisory
- http://secunia.com/advisories/36457
- http://secunia.com/advisories/37342
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51717