Vulnerability Description
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ISC | DHCP | 4.2.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.h
- http://secunia.com/advisories/42618 (Vendor Advisory)
- http://secunia.com/advisories/42682
- http://www.kb.cert.org/vuls/id/159528 (US Government Resource)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:001
- http://www.securityfocus.com/bid/45360
- http://www.securitytracker.com/id?1024862
- http://www.vupen.com/english/advisories/2010/3208 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0052
- https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html
- https://www.isc.org/software/dhcp/advisories/cve-2010-3616 (Vendor Advisory)
FAQ
What is CVE-2010-3616?
CVE-2010-3616 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) ...
How severe is CVE-2010-3616?
CVE-2010-3616 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3616?
Check the references section above for vendor advisories and patch information. Affected products include: ISC DHCP.