CVE-2015-8605

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

CVSS v3 6.5 MEDIUM
CVSS v2.0 5.7 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.7^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 5.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html	Mailing List Third Party Advisory
http://www.debian.org/security/2016/dsa-3442	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Third Party Advisory
http://www.securityfocus.com/bid/80703	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034657	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2868-1	Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/	Third Party Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Third Party Advisory
https://kb.isc.org/article/AA-01334	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html	Mailing List Third Party Advisory
http://www.debian.org/security/2016/dsa-3442	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Third Party Advisory
http://www.securityfocus.com/bid/80703	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034657	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2868-1	Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/	Third Party Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Third Party Advisory
https://kb.isc.org/article/AA-01334	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sophos:unified_threat_management_up2date::::::::
	cpe:2.3:a:sophos:unified_threat_management_up2date::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:isc:dhcp:4.0.0:::::::*
	cpe:2.3:a:isc:dhcp:4.0.1:::::::*
	cpe:2.3:a:isc:dhcp:4.0.2:-::::::
	cpe:2.3:a:isc:dhcp:4.0.2:p1::::::
	cpe:2.3:a:isc:dhcp:4.0.3:-::::::
	cpe:2.3:a:isc:dhcp:4.0.3:rc1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:-::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r10::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r12::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r2::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r3::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r4::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r5::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r6::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r7::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r8::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r9::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1::::::
	cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1::::::
	cpe:2.3:a:isc:dhcp:4.1.0:-::::::
	cpe:2.3:a:isc:dhcp:4.1.1:-::::::
	cpe:2.3:a:isc:dhcp:4.1.1:p1::::::
	cpe:2.3:a:isc:dhcp:4.1.2:-::::::
	cpe:2.3:a:isc:dhcp:4.1.2:b1::::::
	cpe:2.3:a:isc:dhcp:4.1.2:p1::::::
	cpe:2.3:a:isc:dhcp:4.1.2:rc1::::::
	cpe:2.3:a:isc:dhcp:4.2.0:-::::::
	cpe:2.3:a:isc:dhcp:4.2.0:p1::::::
	cpe:2.3:a:isc:dhcp:4.2.0:p2::::::
	cpe:2.3:a:isc:dhcp:4.2.1:-::::::
	cpe:2.3:a:isc:dhcp:4.2.1:b1::::::
	cpe:2.3:a:isc:dhcp:4.2.1:p1::::::
	cpe:2.3:a:isc:dhcp:4.2.1:rc1::::::
	cpe:2.3:a:isc:dhcp:4.2.2:-::::::
	cpe:2.3:a:isc:dhcp:4.2.2:b1::::::
	cpe:2.3:a:isc:dhcp:4.2.2:rc1::::::
	cpe:2.3:a:isc:dhcp:4.2.3:-::::::
	cpe:2.3:a:isc:dhcp:4.2.3:p1::::::
	cpe:2.3:a:isc:dhcp:4.2.3:p2::::::
	cpe:2.3:a:isc:dhcp:4.2.4:-::::::
	cpe:2.3:a:isc:dhcp:4.2.4:b1::::::
	cpe:2.3:a:isc:dhcp:4.2.4:p1::::::
	cpe:2.3:a:isc:dhcp:4.2.4:p2::::::
	cpe:2.3:a:isc:dhcp:4.2.4:rc1::::::
	cpe:2.3:a:isc:dhcp:4.2.4:rc2::::::
	cpe:2.3:a:isc:dhcp:4.2.5:-::::::
	cpe:2.3:a:isc:dhcp:4.2.5:b1::::::
	cpe:2.3:a:isc:dhcp:4.2.5:p1::::::
	cpe:2.3:a:isc:dhcp:4.2.5:rc1::::::
	cpe:2.3:a:isc:dhcp:4.2.6:-::::::
	cpe:2.3:a:isc:dhcp:4.2.6:b1::::::
	cpe:2.3:a:isc:dhcp:4.2.6:rc1::::::
cpe:2.3:a:isc:dhcp:4.2.7:::::::*
cpe:2.3:a:isc:dhcp:4.2.7:b1::::::
cpe:2.3:a:isc:dhcp:4.2.7:rc1::::::
cpe:2.3:a:isc:dhcp:4.2.8:::::::*
cpe:2.3:a:isc:dhcp:4.2.8:b1::::::
cpe:2.3:a:isc:dhcp:4.2.8:rc1::::::
cpe:2.3:a:isc:dhcp:4.2.8:rc2::::::
cpe:2.3:a:isc:dhcp:4.3.0:::::::*
cpe:2.3:a:isc:dhcp:4.3.0:a1::::::
cpe:2.3:a:isc:dhcp:4.3.0:b1::::::
cpe:2.3:a:isc:dhcp:4.3.0:rc1::::::
cpe:2.3:a:isc:dhcp:4.3.1:::::::*
cpe:2.3:a:isc:dhcp:4.3.1:b1::::::
cpe:2.3:a:isc:dhcp:4.3.1:rc1::::::
cpe:2.3:a:isc:dhcp:4.3.2:::::::*
cpe:2.3:a:isc:dhcp:4.3.2:b1::::::
cpe:2.3:a:isc:dhcp:4.3.2:rc1::::::
cpe:2.3:a:isc:dhcp:4.3.2:rc2::::::
cpe:2.3:a:isc:dhcp:4.3.3:::::::*
cpe:2.3:a:isc:dhcp:4.3.3:b1::::::

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

History

21 Nov 2024, 02:38

Type	Values Removed	Values Added
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html - Mailing List, Third Party Advisory~~	() http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html - Mailing List, Third Party Advisory
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html - Mailing List, Third Party Advisory~~	() http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html - Mailing List, Third Party Advisory
References	~~() http://www.debian.org/security/2016/dsa-3442 - Third Party Advisory~~	() http://www.debian.org/security/2016/dsa-3442 - Third Party Advisory
References	~~() http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html - Third Party Advisory~~	() http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/80703 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/80703 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1034657 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1034657 - Third Party Advisory, VDB Entry
References	~~() http://www.ubuntu.com/usn/USN-2868-1 - Third Party Advisory~~	() http://www.ubuntu.com/usn/USN-2868-1 - Third Party Advisory
References	~~() https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ - Third Party Advisory~~	() https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ - Third Party Advisory
References	~~() https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ - Third Party Advisory~~	() https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ - Third Party Advisory
References	~~() https://kb.isc.org/article/AA-01334 - Vendor Advisory~~	() https://kb.isc.org/article/AA-01334 - Vendor Advisory

Information

Published : 2016-01-14 22:59

Updated : 2024-11-21 02:38

NVD link : CVE-2015-8605

Mitre link : CVE-2015-8605

CVE.ORG link : CVE-2015-8605

JSON object : View

Products Affected

debian

debian_linux

isc

dhcp

canonical

ubuntu_linux

sophos

unified_threat_management_up2date

CWE

CWE-20

Improper Input Validation

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.7 /10

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2015-8605

6.5^/10

5.7^/10

Attach tags to `CVE-2015-8605`