製品・ソフトウェアに関する情報

JVN脆弱性詳細

ISC DHCPv6 にサービス運用妨害 (DoS) の脆弱性

Title	ISC DHCPv6 にサービス運用妨害 (DoS) の脆弱性
Summary	ISC DHCPv6 サーバには、DHCPDECLINE メッセージの処理に起因するサービス運用妨害 (DoS) の脆弱性が存在します。 ISC から、以下の脆弱性情報が公開されています。 “When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure resulting in the server crashing. This could be used to crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers. DHCPv4 servers are unaffected.” なおベンダによると、DHCPv6 サーバは影響を受けますが、DHCPv4 サーバは影響を受けません。
Possible impacts	遠隔の第三者によって、サービス運用妨害 (DoS) 攻撃を受ける可能性があります。
Solution	[アップデートする] ISC が提供する情報をもとに最新版へアップデートしてください。
Publication Date	Jan. 28, 2011, midnight
Registration Date	March 1, 2011, 3:10 p.m.
Last Update	March 1, 2011, 3:10 p.m.

CVSS2.0 : 危険
Score	7.8
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:C

Affected System

レッドハット

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

ISC, Inc.

ISC DHCP 4.0.x から 4.2.x まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-0413	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413
Knowledge Base
2	CVE-2011-0413: DHCP May Crash After Processing a DHCPv6 Decline Message	https://www.isc.org/software/dhcp/advisories/cve-2011-0413
National Vulnerability Database (NVD)
3	CVE-2011-0413	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0413

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
ISC, Inc.
1	dhcp-4.2.1b1-RELNOTES	http://ftp.isc.org/isc/dhcp/dhcp-4.2.1b1-RELNOTES
2	ISC DHCP Security Vulnerability Disclosure	https://lists.isc.org/pipermail/isc-os-security/2011-January/000000.html
Red Hat Security Advisory
3	RHSA-2011:0256	https://rhn.redhat.com/errata/RHSA-2011-0256.html

その他

No	Name	URL
ISS X-Force Database
1	64959	http://xforce.iss.net/xforce/xfdb/64959
JVN
2	JVNVU#686084	http://jvn.jp/cert/JVNVU686084
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
3	70680	http://osvdb.org/70680
Secunia Advisory
4	SA43006	http://secunia.com/advisories/43006
5	SA43104	http://secunia.com/advisories/43104
SecurityFocus
6	46035	http://www.securityfocus.com/bid/46035
SecurityTracker
7	1024999	http://securitytracker.com/id?1024999
US-CERT Vulnerability Note
8	VU#686084	http://www.kb.cert.org/vuls/id/686084
VUPEN Security
9	VUPEN/ADV-2011-0235	http://www.vupen.com/english/advisories/2011/0235

Change Log

No	Changed Details	Date of change
0	[2011年03月01日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-0413

Summary	The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
Publication Date	Feb. 1, 2011, 6 a.m.
Registration Date	Jan. 28, 2021, 4:37 p.m.
Last Update	Nov. 21, 2024, 10:23 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.0.2:b2::::::
cpe:2.3:a:isc:dhcp:4.0.2:b3::::::
cpe:2.3:a:isc:dhcp:4.0.2:b1::::::
cpe:2.3:a:isc:dhcp:4.0.1:rc1::::::
cpe:2.3:a:isc:dhcp:4.0.1:b1::::::
cpe:2.3:a:isc:dhcp:4.0.2:rc1::::::
cpe:2.3:a:isc:dhcp:4.0.3:rc1::::::
cpe:2.3:a:isc:dhcp:4.0.0:::::::*
cpe:2.3:a:isc:dhcp:4.0.3:b1::::::
cpe:2.3:a:isc:dhcp:4.0:::::::*
cpe:2.3:a:isc:dhcp:4.0.1:-::::::
cpe:2.3:a:isc:dhcp:4.0.2:-::::::
cpe:2.3:a:isc:dhcp:4.0.3:-::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.1.1:rc1::::::
cpe:2.3:a:isc:dhcp:4.1.1:b2::::::
cpe:2.3:a:isc:dhcp:4.1.1:b3::::::
cpe:2.3:a:isc:dhcp:4.1.1:b1::::::
cpe:2.3:a:isc:dhcp:4.1.1:-::::::
cpe:2.3:a:isc:dhcp:4.1.0:-::::::
cpe:2.3:a:isc:dhcp:4.1.2:-::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.0-esv:::::::*
cpe:2.3:a:isc:dhcp:4.1-esv:-::::::

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.2.0:b2::::::
cpe:2.3:a:isc:dhcp:4.2.0:a2::::::
cpe:2.3:a:isc:dhcp:4.2.0:b1::::::
cpe:2.3:a:isc:dhcp:4.2.0:a1::::::
cpe:2.3:a:isc:dhcp:4.2.0:rc1::::::
cpe:2.3:a:isc:dhcp:4.2.0:p1::::::
cpe:2.3:a:isc:dhcp:4.2.0:-::::::

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html	Third Party Advisory
2	http://secunia.com/advisories/43006	Third Party Advisory
3	http://secunia.com/advisories/43104	Third Party Advisory
4	http://secunia.com/advisories/43167	Third Party Advisory
5	http://secunia.com/advisories/43354	Third Party Advisory
6	http://secunia.com/advisories/43613	Third Party Advisory
7	http://securitytracker.com/id?1024999	Third Party Advisory VDB Entry
8	http://www.debian.org/security/2011/dsa-2184	Third Party Advisory
9	http://www.isc.org/software/dhcp/advisories/cve-2011-0413	Vendor Advisory
10	http://www.kb.cert.org/vuls/id/686084	Third Party Advisory US Government Resource
11	http://www.mandriva.com/security/advisories?name=MDVSA-2011:022	Third Party Advisory
12	http://www.osvdb.org/70680	Broken Link
13	http://www.redhat.com/support/errata/RHSA-2011-0256.html	Third Party Advisory
14	http://www.securityfocus.com/bid/46035	Third Party Advisory VDB Entry
15	http://www.vupen.com/english/advisories/2011/0235	Permissions Required
16	http://www.vupen.com/english/advisories/2011/0266	Permissions Required
17	http://www.vupen.com/english/advisories/2011/0300	Permissions Required
18	http://www.vupen.com/english/advisories/2011/0400	Permissions Required
19	http://www.vupen.com/english/advisories/2011/0583	Permissions Required
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/64959	Third Party Advisory VDB Entry
21	https://kb.isc.org/article/AA-00456	Vendor Advisory
22	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html	Third Party Advisory
23	https://kb.isc.org/article/AA-00456	Vendor Advisory
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/64959	Third Party Advisory VDB Entry
25	http://www.vupen.com/english/advisories/2011/0583	Permissions Required
26	http://www.vupen.com/english/advisories/2011/0400	Permissions Required
27	http://www.vupen.com/english/advisories/2011/0300	Permissions Required
28	http://www.vupen.com/english/advisories/2011/0266	Permissions Required
29	http://www.vupen.com/english/advisories/2011/0235	Permissions Required
30	http://www.securityfocus.com/bid/46035	Third Party Advisory VDB Entry
31	http://www.redhat.com/support/errata/RHSA-2011-0256.html	Third Party Advisory
32	http://www.osvdb.org/70680	Broken Link
33	http://www.mandriva.com/security/advisories?name=MDVSA-2011:022	Third Party Advisory
34	http://www.kb.cert.org/vuls/id/686084	Third Party Advisory US Government Resource
35	http://www.isc.org/software/dhcp/advisories/cve-2011-0413	Vendor Advisory
36	http://www.debian.org/security/2011/dsa-2184	Third Party Advisory
37	http://securitytracker.com/id?1024999	Third Party Advisory VDB Entry
38	http://secunia.com/advisories/43613	Third Party Advisory
39	http://secunia.com/advisories/43354	Third Party Advisory
40	http://secunia.com/advisories/43167	Third Party Advisory
41	http://secunia.com/advisories/43104	Third Party Advisory
42	http://secunia.com/advisories/43006	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.0.2:b2::::::
cpe:2.3:a:isc:dhcp:4.0.2:b3::::::
cpe:2.3:a:isc:dhcp:4.0.2:b1::::::
cpe:2.3:a:isc:dhcp:4.0.1:rc1::::::
cpe:2.3:a:isc:dhcp:4.0.1:b1::::::
cpe:2.3:a:isc:dhcp:4.0.2:rc1::::::
cpe:2.3:a:isc:dhcp:4.0.3:rc1::::::
cpe:2.3:a:isc:dhcp:4.0.0:::::::*
cpe:2.3:a:isc:dhcp:4.0.3:b1::::::
cpe:2.3:a:isc:dhcp:4.0:::::::*
cpe:2.3:a:isc:dhcp:4.0.1:-::::::
cpe:2.3:a:isc:dhcp:4.0.2:-::::::
cpe:2.3:a:isc:dhcp:4.0.3:-::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.1.1:rc1::::::
cpe:2.3:a:isc:dhcp:4.1.1:b2::::::
cpe:2.3:a:isc:dhcp:4.1.1:b3::::::
cpe:2.3:a:isc:dhcp:4.1.1:b1::::::
cpe:2.3:a:isc:dhcp:4.1.1:-::::::
cpe:2.3:a:isc:dhcp:4.1.0:-::::::
cpe:2.3:a:isc:dhcp:4.1.2:-::::::

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.2.0:b2::::::
cpe:2.3:a:isc:dhcp:4.2.0:a2::::::
cpe:2.3:a:isc:dhcp:4.2.0:b1::::::
cpe:2.3:a:isc:dhcp:4.2.0:a1::::::
cpe:2.3:a:isc:dhcp:4.2.0:rc1::::::
cpe:2.3:a:isc:dhcp:4.2.0:p1::::::
cpe:2.3:a:isc:dhcp:4.2.0:-::::::