diff options
author | Wesley Shields <wxs@FreeBSD.org> | 2011-01-29 00:15:09 +0000 |
---|---|---|
committer | Wesley Shields <wxs@FreeBSD.org> | 2011-01-29 00:15:09 +0000 |
commit | bf7d233ce8057376f429394b2cdd36922f75db02 (patch) | |
tree | 025c75ef046b57680a30210a8804c778f3ab1fc8 /security | |
parent | - update to 0.41 (diff) |
Document ISC DHCPv6 server crash.
Feature safe: yes
Notes
Notes:
svn path=/head/; revision=268353
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index cf64f47df8a0..1fd949a8459b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="dc9f8335-2b3b-11e0-a91b-00e0815b8da8"> + <topic>isc-dhcp-server -- </topic> + <affects> + <package> + <name>isc-dhcp41-server</name> + <range><lt>4.1.2,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-0413"> + <p>When the DHCPv6 server code processes a message for an address + that was previously declined and internally tagged as abandoned + it can trigger an assert failure resulting in the server crashing. + This could be used to crash DHCPv6 servers remotely. This issue + only affects DHCPv6 servers. DHCPv4 servers are unaffected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-0413</cvename> + <url>http://www.isc.org/software/dhcp/advisories/cve-2011-0413</url> + <url>http://www.kb.cert.org/vuls/id/686084</url> + </references> + <dates> + <discovery>2011-01-26</discovery> + <entry>2011-01-28</entry> + </dates> + </vuln> + <vuln vid="c8c927e5-2891-11e0-8f26-00151735203a"> <topic>bugzilla -- multiple seriuos vulnerabilities</topic> <affects> |