5
CVE-2010-3616
- EPSS 7.95%
- Veröffentlicht 17.12.2010 19:00:20
- Zuletzt bearbeitet 16.06.2026 23:23:08
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.95% | 0.94 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html
http://secunia.com/advisories/42618
http://secunia.com/advisories/42682
http://www.kb.cert.org/vuls/id/159528
http://www.mandriva.com/security/advisories?name=MDVSA-2011:001
http://www.securityfocus.com/bid/45360
http://www.securitytracker.com/id?1024862
http://www.vupen.com/english/advisories/2010/3208
http://www.vupen.com/english/advisories/2011/0052
https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html
https://www.isc.org/software/dhcp/advisories/cve-2010-3616