製品・ソフトウェアに関する情報

JVN脆弱性詳細

ISC DHCP におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性

Title	ISC DHCP におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性
Summary	ISC DHCP には、サービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。
Possible impacts	第三者により、IPv6 のリース期間を短縮されることで、サービス運用妨害 (デーモンクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 12, 2012, midnight
Registration Date	Sept. 18, 2012, 2:29 p.m.
Last Update	Aug. 27, 2013, 5:19 p.m.

CVSS2.0 : 危険
Score	7.1
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:C

Affected System

ISC, Inc.

ISC DHCP 4.1-ESV-R7 未満の 4.1.x

ISC DHCP 4.2.4-P2 未満の 4.2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-3955	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3955
Knowledge Base
2	CVE-2012-3955: Reducing the expiration time for an IPv6 lease may cause the server to crash	https://kb.isc.org/article/AA-00779
National Vulnerability Database (NVD)
3	CVE-2012-3955	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3955
SECURITY BLOG
4	CVE-2012-3955 Denial of Service (DoS) vulnerability in ISC DHCP	https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-2551	http://www.debian.org/security/2012/dsa-2551
Gentoo Linux Security Advisory
2	GLSA 201301-06	http://www.gentoo.org/security/en/glsa/glsa-201301-06.xml
opensuse-security-announce
3	openSUSE-SU-2012:1252	http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html
4	openSUSE-SU-2012:1254	http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html
opensuse-updates
5	openSUSE-SU-2012:1234	http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html
Ubuntu Security Notice
6	USN-1571-1	http://www.ubuntu.com/usn/USN-1571-1

Change Log

No	Changed Details	Date of change
0	[2012年09月18日] 掲載 [2012年10月23日] ベンダ情報：openSUSE (openSUSE-SU-2012:1234) を追加 [2012年11月09日] ベンダ情報：Debian (DSA-2551) を追加ベンダ情報：Ubuntu (USN-1571-1) を追加ベンダ情報：openSUSE (openSUSE-SU-2012:1252) を追加ベンダ情報：openSUSE (openSUSE-SU-2012:1254) を追加 [2012年11月28日] ベンダ情報：オラクル (CVE-2012-3955 Denial of Service (DoS) vulnerability in ISC DHCP) を追加 [2013年08月27日] ベンダ情報：Gentoo Linux (GLSA 201301-06) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-3955

Summary	ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
Publication Date	Sept. 14, 2012, 7:33 p.m.
Registration Date	Jan. 28, 2021, 3:01 p.m.
Last Update	Nov. 21, 2024, 10:41 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r3::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r2::::::
cpe:2.3:a:isc:dhcp:4.1.0:a1::::::
cpe:2.3:a:isc:dhcp:4.1.1:rc1::::::
cpe:2.3:a:isc:dhcp:4.1.2:rc1::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5::::::
cpe:2.3:a:isc:dhcp:4.1-esv:rc1::::::
cpe:2.3:a:isc:dhcp:4.1.1:b1::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r1::::::
cpe:2.3:a:isc:dhcp:4.1.1:b3::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1::::::
cpe:2.3:a:isc:dhcp:4.1.2:p1::::::
cpe:2.3:a:isc:dhcp:4.1.0:a2::::::
cpe:2.3:a:isc:dhcp:4.1.1:b2::::::
cpe:2.3:a:isc:dhcp:4.1.2:b1::::::
cpe:2.3:a:isc:dhcp:4.1.0:b1::::::
cpe:2.3:a:isc:dhcp:4.1.2:-::::::
cpe:2.3:a:isc:dhcp:4.1.0:-::::::
cpe:2.3:a:isc:dhcp:4.1.1:-::::::
cpe:2.3:a:isc:dhcp:4.1-esv:-::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r6::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r4::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html	Third Party Advisory
2	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html	Third Party Advisory
3	http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html	Third Party Advisory
4	http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html	Third Party Advisory
5	http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html	Third Party Advisory
6	http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html	Third Party Advisory
7	http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html	Mailing List Third Party Advisory
13	http://rhn.redhat.com/errata/RHSA-2013-0504.html	Third Party Advisory
14	http://rhn.redhat.com/errata/RHSA-2013-0504.html	Third Party Advisory
15	http://secunia.com/advisories/51318	Third Party Advisory
16	http://secunia.com/advisories/51318	Third Party Advisory
17	http://security.gentoo.org/glsa/glsa-201301-06.xml	Third Party Advisory
18	http://security.gentoo.org/glsa/glsa-201301-06.xml	Third Party Advisory
19	http://www.debian.org/security/2012/dsa-2551	Third Party Advisory
20	http://www.debian.org/security/2012/dsa-2551	Third Party Advisory
21	http://www.mandriva.com/security/advisories?name=MDVSA-2012:153	Third Party Advisory
22	http://www.mandriva.com/security/advisories?name=MDVSA-2012:153	Third Party Advisory
23	http://www.securityfocus.com/bid/55530	Third Party Advisory VDB Entry
24	http://www.securityfocus.com/bid/55530	Third Party Advisory VDB Entry
25	http://www.securitytracker.com/id?1027528	Third Party Advisory VDB Entry
26	http://www.securitytracker.com/id?1027528	Third Party Advisory VDB Entry
27	http://www.ubuntu.com/usn/USN-1571-1	Third Party Advisory
28	http://www.ubuntu.com/usn/USN-1571-1	Third Party Advisory
29	https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of	Third Party Advisory
30	https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of	Third Party Advisory
31	https://kb.isc.org/article/AA-00779	Vendor Advisory
32	https://kb.isc.org/article/AA-00779	Vendor Advisory

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r3::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r2::::::
cpe:2.3:a:isc:dhcp:4.1.0:a1::::::
cpe:2.3:a:isc:dhcp:4.1.1:rc1::::::
cpe:2.3:a:isc:dhcp:4.1.2:rc1::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5::::::
cpe:2.3:a:isc:dhcp:4.1-esv:rc1::::::
cpe:2.3:a:isc:dhcp:4.1.1:b1::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r1::::::
cpe:2.3:a:isc:dhcp:4.1.1:b3::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1::::::
cpe:2.3:a:isc:dhcp:4.1.2:p1::::::
cpe:2.3:a:isc:dhcp:4.1.0:a2::::::
cpe:2.3:a:isc:dhcp:4.1.1:b2::::::
cpe:2.3:a:isc:dhcp:4.1.2:b1::::::
cpe:2.3:a:isc:dhcp:4.1.0:b1::::::
cpe:2.3:a:isc:dhcp:4.1.2:-::::::
cpe:2.3:a:isc:dhcp:4.1.0:-::::::
cpe:2.3:a:isc:dhcp:4.1.1:-::::::
cpe:2.3:a:isc:dhcp:4.1-esv:-::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r6::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r4::::::
cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1::::::