ISC DHCP vulnerability [CVE-2015-8605]

| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
| --- | --- | --- | --- | --- |
| STORM-2015-018 | CVE-2015-8605 | 01/15/2016 | low | v1 |

Vulnerability details

A vulnerability in ISC DHCP allows remote attackers to cause a denial of service via an invalid length field in a UDP IPv4 packet.
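
The length checks a packet parser needs before it trusts the UDP length field, shown as an added example; it is not code from ISC DHCP or from the affected products. The names check_ipv4_udp, build_sample and the enum values are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes (hypothetical names, used only in this example). */
enum udp_check { UDP_OK, UDP_TRUNCATED, UDP_BAD_IP_HDR, UDP_BAD_UDP_LEN };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate an IPv4/UDP packet of cap received bytes before any payload is read.
 * On UDP_OK, *payload_len is the number of payload bytes safe to access. */
enum udp_check check_ipv4_udp(const uint8_t *buf, size_t cap, size_t *payload_len)
{
    if (cap < 20)
        return UDP_TRUNCATED;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;      /* IP header length in bytes */
    if ((buf[0] >> 4) != 4 || ihl < 20 || buf[9] != 17)
        return UDP_BAD_IP_HDR;                      /* not IPv4 carrying UDP */
    size_t ip_total = rd16(buf + 2);
    if (ip_total < ihl + 8)
        return UDP_BAD_IP_HDR;                      /* no room for a UDP header */
    if (ip_total > cap)
        return UDP_TRUNCATED;                       /* claims more than was received */
    size_t udp_len = rd16(buf + ihl + 4);           /* untrusted length field */
    if (udp_len < 8 || udp_len > ip_total - ihl)
        return UDP_BAD_UDP_LEN;                     /* the invalid-length case */
    *payload_len = udp_len - 8;
    return UDP_OK;
}

/* Constructed 32-byte sample: 20-byte IPv4 header, 8-byte UDP header,
 * 4 payload bytes. udp_len is written into the UDP length field. */
size_t build_sample(uint8_t pkt[32], uint16_t udp_len)
{
    static const uint8_t ip[20] = { 0x45, 0, 0, 32, 0, 0, 0, 0, 64, 17, 0, 0,
                                    192, 0, 2, 1, 192, 0, 2, 2 };
    for (size_t i = 0; i < 32; i++)
        pkt[i] = i < 20 ? ip[i] : 0;
    pkt[21] = 68; pkt[23] = 67;                     /* UDP ports 68 -> 67 */
    pkt[24] = (uint8_t)(udp_len >> 8); pkt[25] = (uint8_t)(udp_len & 0xff);
    return 32;
}

/* Exit status 0 when an oversized UDP length is rejected. */
int main(void)
{
    uint8_t pkt[32];
    size_t n = 0;
    return check_ipv4_udp(pkt, build_sample(pkt, 0xffff), &n) == UDP_BAD_UDP_LEN ? 0 : 1;
}
```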

Impacted products

| Products | Severity | Detail |
| --- | --- | --- |
| Stormshield Network Security | low | The product embeds a vulnerable version of DHCP |
| Netasq | low | The product embeds a vulnerable version of DHCP |

Revisions

| Version | Date | Description |
| --- | --- | --- |
| v1 | 04/12/2016 | Initial release |

 



Stormshield Network Security

CVSS v2 Overall Score: 2.9      

Analysis

A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally.

Impacted version

  • SNS 1.0.0 to 1.4.4
  • SNS 2.0.0 to 2.3.2

Workaround solution

There is no workaround solution.

Solution

The 2.4.0 and 1.5.0 updates will fix this vulnerability.



| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
| --- | --- | --- | --- | --- | --- |
| Adjacent Network | Medium | None | None | None | Partial |

CVSS Base score: 2.9
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P)

| Exploitability | Remediation Level | Report Confidence |
| --- | --- | --- |
| Unproven that exploit exists | Official fix | Confirmed |

CVSS Temporal score: 2.1
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

| Collateral Damage Potential | Target Distribution |
| --- | --- |
| Low | High [76-100%] |

CVSS Environmental score: 2.9
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:L/TD:H/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 2.9      

Analysis

A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally.

Impacted version

  • Netasq 9.0.0 to 9.1.7

Workaround solution

There is no workaround solution.

Solution

The 9.1.8 update will fix this vulnerability.



| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
| --- | --- | --- | --- | --- | --- |
| Adjacent Network | Medium | None | None | None | Partial |

CVSS Base score: 2.9
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P)

| Exploitability | Remediation Level | Report Confidence |
| --- | --- | --- |
| Unproven that exploit exists | Official fix | Confirmed |

CVSS Temporal score: 2.1
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

| Collateral Damage Potential | Target Distribution |
| --- | --- |
| Low | High [76-100%] |

CVSS Environmental score: 2.9
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:L/TD:H/CR:ND/IR:ND/AR:ND)