CVE-2010-3616

ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
iscdhcp
4.2.0
iscdhcp
4.2.0:p1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
isc-dhcp
bookworm
4.4.3-P1-2
fixed
bullseye
4.4.1-2.3+deb11u2
fixed
bullseye (security)
4.4.1-2.3+deb11u1
fixed
sid
4.4.3-P1-5
fixed
trixie
4.4.3-P1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
isc-dhcp
dapper
dne
hardy
dne
karmic
dne
lucid
dne
maverick
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dhcp
suse enterprise desktop 15
4.3.5-4.15
fixed
suse enterprise desktop 15 SP1
4.3.5-4.15
fixed
suse enterprise sap 12 SP5
4.3.3-10.16.4
fixed
suse enterprise sap 15
4.3.5-4.15
fixed
suse enterprise sap 15 SP1
4.3.5-4.15
fixed
suse enterprise server 12 SP2
4.3.3-9.1
fixed
suse enterprise server 12 SP3
4.3.3-9.1
fixed
suse enterprise server 12 SP5
4.3.3-10.16.4
fixed
suse enterprise server 15
4.3.5-4.15
fixed
suse enterprise server 15 SP1
4.3.5-4.15
fixed
dhcp-client
suse enterprise desktop 15
4.3.5-4.15
fixed
suse enterprise desktop 15 SP1
4.3.5-4.15
fixed
suse enterprise sap 12 SP5
4.3.3-10.16.4
fixed
suse enterprise sap 15
4.3.5-4.15
fixed
suse enterprise sap 15 SP1
4.3.5-4.15
fixed
suse enterprise server 12 SP2
4.3.3-9.1
fixed
suse enterprise server 12 SP3
4.3.3-9.1
fixed
suse enterprise server 12 SP5
4.3.3-10.16.4
fixed
suse enterprise server 15
4.3.5-4.15
fixed
suse enterprise server 15 SP1
4.3.5-4.15
fixed
dhcp-devel
suse enterprise desktop 15
4.3.5-4.15
fixed
suse enterprise desktop 15 SP1
4.3.5-4.15
fixed
suse enterprise sap 15
4.3.5-4.15
fixed
suse enterprise sap 15 SP1
4.3.5-4.15
fixed
suse enterprise server 15
4.3.5-4.15
fixed
suse enterprise server 15 SP1
4.3.5-4.15
fixed
dhcp-relay
suse enterprise sap 12 SP5
4.3.3-10.16.4
fixed
suse enterprise sap 15
4.3.5-4.15
fixed
suse enterprise sap 15 SP1
4.3.5-4.15
fixed
suse enterprise server 12 SP2
4.3.3-9.1
fixed
suse enterprise server 12 SP3
4.3.3-9.1
fixed
suse enterprise server 12 SP5
4.3.3-10.16.4
fixed
suse enterprise server 15
4.3.5-4.15
fixed
suse enterprise server 15 SP1
4.3.5-4.15
fixed
dhcp-server
suse enterprise sap 12 SP5
4.3.3-10.16.4
fixed
suse enterprise sap 15
4.3.5-4.15
fixed
suse enterprise sap 15 SP1
4.3.5-4.15
fixed
suse enterprise server 12 SP2
4.3.3-9.1
fixed
suse enterprise server 12 SP3
4.3.3-9.1
fixed
suse enterprise server 12 SP5
4.3.3-10.16.4
fixed
suse enterprise server 15
4.3.5-4.15
fixed
suse enterprise server 15 SP1
4.3.5-4.15
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html
http://secunia.com/advisories/42618
http://secunia.com/advisories/42682
http://www.kb.cert.org/vuls/id/159528
http://www.mandriva.com/security/advisories?name=MDVSA-2011:001
http://www.securityfocus.com/bid/45360
http://www.securitytracker.com/id?1024862
http://www.vupen.com/english/advisories/2010/3208
http://www.vupen.com/english/advisories/2011/0052
https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html
https://www.isc.org/software/dhcp/advisories/cve-2010-3616
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html
http://secunia.com/advisories/42618
http://secunia.com/advisories/42682
http://www.kb.cert.org/vuls/id/159528
http://www.mandriva.com/security/advisories?name=MDVSA-2011:001
http://www.securityfocus.com/bid/45360
http://www.securitytracker.com/id?1024862
http://www.vupen.com/english/advisories/2010/3208
http://www.vupen.com/english/advisories/2011/0052
https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html
https://www.isc.org/software/dhcp/advisories/cve-2010-3616