Vulnerability Details : CVE-2010-3616
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3616
Probability of exploitation activity in the next 30 days: 11.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
CVSS scores for CVE-2010-3616
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-3616
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3616
- https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:001
  mandriva.com
- http://www.vupen.com/english/advisories/2011/0052
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html
  [SECURITY] Fedora 14 Update: dhcp-4.2.0-16.P2.fc14
- http://www.kb.cert.org/vuls/id/159528
  VU#159528 - ISC DHCP server vulnerability (US Government Resource)
- https://www.isc.org/software/dhcp/advisories/cve-2010-3616
  CVE-2010-3616: DHCP: Server Hangs with TCP to Failover Peer Port - Security Advisories (Vendor Advisory)
- http://www.securitytracker.com/id?1024862
  ISC DHCP TCP Failover Bug Lets Remote Users Deny Service - SecurityTracker
- http://www.securityfocus.com/bid/45360
  ISC DHCP Server Failover Peer Port Field Denial of Service Vulnerability
- http://www.vupen.com/english/advisories/2010/3208
  (Vendor Advisory)
Products affected by CVE-2010-3616
- cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*