CVE-2003-0039

Current Description

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

Basic Data

Published: February 07, 2003
Last Modified: October 10, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
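    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc10 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc4 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc5 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc6 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc7 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc8 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Isc | Dhcpd | 3.0.1 | rc9 | * | * | * | * | * | * | | | | |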

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Isc | Dhcpd | 3.0.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| TLSA-2003-26 | TURBO | http://cc.turbolinux.com/security/TLSA-2003-26.txt | |
| CLSA-2003:616 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616 | |
| 20030115 DoS against DHCP infrastructure with isc dhcrelay | BUGTRAQ | http://marc.info/?l=bugtraq&m=104310927813830&w=2 | |
| DSA-245 | DEBIAN | http://www.debian.org/security/2003/dsa-245 | Patch, Vendor Advisory |
| VU#149953 | CERT-VN | http://www.kb.cert.org/vuls/id/149953 | US Government Resource |
| 20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd) | BUGTRAQ | http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html | |
| RHSA-2003:034 | REDHAT | http://www.redhat.com/support/errata/RHSA-2003-034.html | |
| 6628 | BID | http://www.securityfocus.com/bid/6628 | |
| dhcp-dhcrelay-dos(11187) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/11187 | |