CVE-2010-3616
MEDIUM severity · CVSS 5 · Improper input validation
Summary
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: None
Integrity impact: None
Availability impact: —
Exploit probability (EPSS): 8%
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/42618 (Advisory)
- http://www.vupen.com/english/advisories/2010/3208 (Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html
- http://secunia.com/advisories/42682
- http://www.kb.cert.org/vuls/id/159528
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:001
- http://www.securityfocus.com/bid/45360
- http://www.securitytracker.com/id?1024862