FreeBSD : isc-dhcp-server -- Empty link-address denial of service (f154a3c7-f7f4-11df-b617-00e0815b8da8)

medium Nessus Plugin ID 50815

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

ISC reports :

If the server receives a DHCPv6 packet containing one or more Relay-Forward messages, and none of them supply an address in the Relay-Forward link-address field, then the server will crash. This can be used as a single packet crash attack vector.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?57b116e8

http://www.nessus.org/u?876d8877

Plugin Details

Severity: Medium

ID: 50815

File Name: freebsd_pkg_f154a3c7f7f411dfb61700e0815b8da8.nasl

Version: 1.10

Type: local

Published: 11/28/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:isc-dhcp41-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/24/2010

Vulnerability Publication Date: 11/2/2010

Reference Information

CVE: CVE-2010-3611

CERT: 102047