The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Isc
  • Dhcp
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:isc:dhcp:4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.1:-:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.1:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.2:-:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.2:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.2:b2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.2:b3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.3:-:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.3:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.0.3:rc1:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:isc:dhcp:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1.1:-:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1.1:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1.1:b2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1.1:b3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1.2:-:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:isc:dhcp:4.0-esv:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
dhcp-12:4.1.1-12.P1.el6_0.2 cpe:/o:redhat:enterprise_linux:6 RHSA-2011:0256 2011-02-15T00:00:00Z
References
Link Providers
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html cve-icon cve-icon
http://secunia.com/advisories/43006 cve-icon cve-icon
http://secunia.com/advisories/43104 cve-icon cve-icon
http://secunia.com/advisories/43167 cve-icon cve-icon
http://secunia.com/advisories/43354 cve-icon cve-icon
http://secunia.com/advisories/43613 cve-icon cve-icon
http://securitytracker.com/id?1024999 cve-icon cve-icon
http://www.debian.org/security/2011/dsa-2184 cve-icon cve-icon
http://www.isc.org/software/dhcp/advisories/cve-2011-0413 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/686084 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2011:022 cve-icon cve-icon
http://www.osvdb.org/70680 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-0256.html cve-icon cve-icon
http://www.securityfocus.com/bid/46035 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0235 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0266 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0300 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0400 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0583 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/64959 cve-icon cve-icon
https://kb.isc.org/article/AA-00456 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2011-0413 cve-icon
https://www.cve.org/CVERecord?id=CVE-2011-0413 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2024-08-06T21:51:09.081Z

Reserved: 2011-01-11T00:00:00

Link: CVE-2011-0413

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2011-01-31T21:00:18.110

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0413

cve-icon Redhat

Severity : Moderate

Publid Date: 2011-01-26T00:00:00Z

Links: CVE-2011-0413 - Bugzilla