[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2012:1141-01 -- Redhat dhcp

ID: oval:org.secpod.oval:def:500865Date: (C)2012-08-25   (M)2023-12-07
Class: PATCHFamily: unix




The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests. Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of CVE-2012-3571, and Glen Eustace of Massey University, New Zealand, as the original reporter of CVE-2012-3954. Users of DHCP should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all DHCP servers will be restarted automatically.

Platform:
Red Hat Enterprise Linux 6
Product:
dhcp
Reference:
RHSA-2012:1141-01
CVE-2012-3571
CVE-2012-3954
CVE    2
CVE-2012-3571
CVE-2012-3954
CPE    43
cpe:/a:isc:dhcp:4.2.1:b1
cpe:/a:isc:dhcp:4.1.1:rc1
cpe:/a:isc:dhcp:4.2.0:a2
cpe:/a:isc:dhcp:4.2.0:a1
...

© SecPod Technologies