Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-0413

The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.

Published

2011-01-31T21:00:18.110

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	dhcp	4.0	Yes
Application	isc	dhcp	4.0.0	Yes
Application	isc	dhcp	4.0.1	Yes
Application	isc	dhcp	4.0.1	Yes
Application	isc	dhcp	4.0.1	Yes
Application	isc	dhcp	4.0.2	Yes
Application	isc	dhcp	4.0.2	Yes
Application	isc	dhcp	4.0.2	Yes
Application	isc	dhcp	4.0.2	Yes
Application	isc	dhcp	4.0.2	Yes
Application	isc	dhcp	4.0.3	Yes
Application	isc	dhcp	4.0.3	Yes
Application	isc	dhcp	4.0.3	Yes
Application	isc	dhcp	4.1.0	Yes
Application	isc	dhcp	4.1.1	Yes
Application	isc	dhcp	4.1.1	Yes
Application	isc	dhcp	4.1.1	Yes
Application	isc	dhcp	4.1.1	Yes
Application	isc	dhcp	4.1.1	Yes
Application	isc	dhcp	4.1.2	Yes
Application	isc	dhcp	4.0-esv	Yes
Application	isc	dhcp	4.1-esv	Yes
Application	isc	dhcp	4.2.0	Yes
Application	isc	dhcp	4.2.0	Yes
Application	isc	dhcp	4.2.0	Yes
Application	isc	dhcp	4.2.0	Yes
Application	isc	dhcp	4.2.0	Yes
Application	isc	dhcp	4.2.0	Yes
Application	isc	dhcp	4.2.0	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html Third Party Advisory ([email protected])
http://secunia.com/advisories/43006 Third Party Advisory ([email protected])
http://secunia.com/advisories/43104 Third Party Advisory ([email protected])
http://secunia.com/advisories/43167 Third Party Advisory ([email protected])
http://secunia.com/advisories/43354 Third Party Advisory ([email protected])
http://secunia.com/advisories/43613 Third Party Advisory ([email protected])
http://securitytracker.com/id?1024999 Third Party Advisory, VDB Entry ([email protected])
http://www.debian.org/security/2011/dsa-2184 Third Party Advisory ([email protected])
http://www.isc.org/software/dhcp/advisories/cve-2011-0413 Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/686084 Third Party Advisory, US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:022 Third Party Advisory ([email protected])
http://www.osvdb.org/70680 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0256.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/46035 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0235 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0266 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0300 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0400 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0583 Permissions Required ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/64959 Third Party Advisory, VDB Entry ([email protected])
https://kb.isc.org/article/AA-00456 Vendor Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43006 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43104 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43167 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43354 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43613 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1024999 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2184 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.isc.org/software/dhcp/advisories/cve-2011-0413 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/686084 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:022 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/70680 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0256.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46035 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0235 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0266 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0300 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0400 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0583 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64959 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/article/AA-00456 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)