fkie_cve-2011-4539
Vulnerability from fkie_nvd
Published
2011-12-08 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2011-12/msg00006.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/47153Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/47178Third Party Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2012/dsa-2519Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:182Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/50971Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id?1026393Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1309-1Third Party Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/71680Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.isc.org/software/dhcp/advisories/cve-2011-4539Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47153Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47178Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2519Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:182Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/50971Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026393Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1309-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/71680Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.isc.org/software/dhcp/advisories/cve-2011-4539Vendor Advisory
Impacted products
Vendor Product Version
isc dhcp 4.0
isc dhcp 4.0.0
isc dhcp 4.0.1
isc dhcp 4.0.1
isc dhcp 4.0.1
isc dhcp 4.0.2
isc dhcp 4.0.2
isc dhcp 4.0.2
isc dhcp 4.0.2
isc dhcp 4.0.2
isc dhcp 4.0.3
isc dhcp 4.0.3
isc dhcp 4.0.3
isc dhcp 4.1.1
isc dhcp 4.1.1
isc dhcp 4.1.2
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.1
isc dhcp 4.2.1
isc dhcp 4.2.1
isc dhcp 4.2.2
isc dhcp 4.2.2
isc dhcp 4.2.2
isc dhcp 4.2.3
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.1-esv
canonical ubuntu_linux 11.04
canonical ubuntu_linux 11.10
debian debian_linux 6.0
debian debian_linux 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "685EB87F-756C-4DBA-A347-171470EA0B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79DA60EA-F94F-4890-BF9E-E142BC219118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "22F98A8C-2C14-40F2-9CA6-FDB909CAB4EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "1F1D4AC8-EF46-4770-88D0-8625CA3B0494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FAD5E62F-2C6E-4E78-BDED-1E98F4B6AB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D90EE731-495C-41B3-B525-CB45392D0190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "09AEAAB7-65FD-4126-A885-813A68B2C942",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*",
              "matchCriteriaId": "BB509C28-72ED-4363-B56A-92D4427FB4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*",
              "matchCriteriaId": "53F71472-2EC8-441A-B27A-201BEE567717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "584F117E-BDF9-43C5-A870-52EC88855416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "757A6609-79A3-4E52-9CB0-AB830172A69B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*",
              "matchCriteriaId": "3B3EFEAF-F562-488B-9EF4-1467CEF719AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F028BC86-1573-4B86-9976-5F0DA4DB6CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*",
              "matchCriteriaId": "E6CE1A0F-BE1E-4312-B68F-F09B05929F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17B6DEFA-0977-474A-9871-B03DEE924ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE50853A-BAE7-499B-A3D7-468A08A07BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E91F700-F59A-491F-BA99-53EC79E573D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "53551545-041A-456F-BC81-E05A6B3CB198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F3DBB40-638E-4A4B-99B4-534D2564E146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "0B921430-F03C-42DB-A362-562136B01445",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
              "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*",
              "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*",
              "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*",
              "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*",
              "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet."
    },
    {
      "lang": "es",
      "value": "dhcpd en ISC DHCP v4.x antes de v4.2.3-P1 y v4.1-ESV antes de v4.1-ESV-R4 no manipula correctamente expresiones regulares en dhcpd.conf, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del deminio) a trav\u00e9s de un paquete de petici\u00f3n modificado."
    }
  ],
  "id": "CVE-2011-4539",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-08T11:55:02.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/47153"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/47178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2519"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50971"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1026393"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1309-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/47153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/47178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1026393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1309-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4539"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.