CVE-2011-4539: Input Validation
First published: Thu Dec 08 2011(Updated: )
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC DHCP | =4.0.2-b2 | |
| ISC DHCP | =4.0.2-b3 | |
| ISC DHCP | =4.2.2-rc1 | |
| ISC DHCP | =4.2.2-b1 | |
| ISC DHCP | =4.1.1-rc1 | |
| ISC DHCP | =4.2.0-b2 | |
| ISC DHCP | =4.0.2-b1 | |
| ISC DHCP | =4.2.0-a2 | |
| ISC DHCP | =4.0.1-rc1 | |
| ISC DHCP | =4.2.0-b1 | |
| ISC DHCP | =4.2.1-rc1 | |
| ISC DHCP | =4.2.0-a1 | |
| ISC DHCP | =4.0.1-b1 | |
| ISC DHCP | =4.0.2-rc1 | |
| ISC DHCP | =4.0.3-rc1 | |
| ISC DHCP | =4.0.0 | |
| ISC DHCP | =4.1.1-b3 | |
| ISC DHCP | =4.0.3-b1 | |
| ISC DHCP | =4.2.1-b1 | |
| ISC DHCP | =4.2.0-rc1 | |
| ISC DHCP | =4.0 | |
| ISC DHCP | =4.2.0-p1 | |
| ISC DHCP | =4.1.2 | |
| ISC DHCP | =4.0.1 | |
| ISC DHCP | =4.0.2 | |
| ISC DHCP | =4.0.3 | |
| ISC DHCP | =4.2.0 | |
| ISC DHCP | =4.2.1 | |
| ISC DHCP | =4.2.2 | |
| ISC DHCP | =4.2.3 | |
| ISC DHCP | =4.1-esv-r3_b1 | |
| ISC DHCP | =4.1-esv-r3 | |
| ISC DHCP | =4.1-esv-r2 | |
| ISC DHCP | =4.1-esv-r1 | |
| ISC DHCP | =4.1-esv | |
| Ubuntu | =11.04 | |
| Ubuntu | =11.10 | |
| Debian Linux | =7.0 | |
| Debian Linux | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.isc.org/software/dhcp/advisories/cve-2011-4539
- http://www.securitytracker.com/id?1026393
- http://www.securityfocus.com/bid/50971
- http://secunia.com/advisories/47153
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:182
- http://www.ubuntu.com/usn/USN-1309-1
- http://secunia.com/advisories/47178
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html
- http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html
- http://www.debian.org/security/2012/dsa-2519
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html
- http://security.gentoo.org/glsa/glsa-201301-06.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71680
Frequently Asked Questions
What is the severity of CVE-2011-4539?
CVE-2011-4539 has been classified as a moderate severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2011-4539?
To fix CVE-2011-4539, upgrade to ISC DHCP version 4.2.3-P1 or 4.1-ESV-R4 or later.
Which versions of ISC DHCP are affected by CVE-2011-4539?
CVE-2011-4539 affects ISC DHCP versions 4.0, 4.1-ESV up to 4.1-ESV-R3, and versions earlier than 4.2.3-P1.
What type of attack can exploit CVE-2011-4539?
CVE-2011-4539 can be exploited by remote attackers to send crafted request packets that cause the DHCP daemon to crash.
Is CVE-2011-4539 related to DNS issues?
No, CVE-2011-4539 specifically pertains to the DHCP daemon and its handling of regular expressions, not DNS.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/isc
- canonical/isc dhcp
- version/isc dhcp/4.0.2-b2
- version/isc dhcp/4.0.2-b3
- version/isc dhcp/4.2.2-rc1
- version/isc dhcp/4.2.2-b1
- version/isc dhcp/4.1.1-rc1
- version/isc dhcp/4.2.0-b2
- version/isc dhcp/4.0.2-b1
- version/isc dhcp/4.2.0-a2
- version/isc dhcp/4.0.1-rc1
- version/isc dhcp/4.2.0-b1
- version/isc dhcp/4.2.1-rc1
- version/isc dhcp/4.2.0-a1
- version/isc dhcp/4.0.1-b1
- version/isc dhcp/4.0.2-rc1
- version/isc dhcp/4.0.3-rc1
- version/isc dhcp/4.0.0
- version/isc dhcp/4.1.1-b3
- version/isc dhcp/4.0.3-b1
- version/isc dhcp/4.2.1-b1
- version/isc dhcp/4.2.0-rc1
- version/isc dhcp/4.0
- version/isc dhcp/4.2.0-p1
- version/isc dhcp/4.1.2
- version/isc dhcp/4.0.1
- version/isc dhcp/4.0.2
- version/isc dhcp/4.0.3
- version/isc dhcp/4.2.0
- version/isc dhcp/4.2.1
- version/isc dhcp/4.2.2
- version/isc dhcp/4.2.3
- version/isc dhcp/4.1-esv-r3_b1
- version/isc dhcp/4.1-esv-r3
- version/isc dhcp/4.1-esv-r2
- version/isc dhcp/4.1-esv-r1
- version/isc dhcp/4.1-esv
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/11.04
- version/ubuntu/11.10
- vendor/debian
- canonical/debian linux
- version/debian linux/7.0
- version/debian linux/6.0