CVE-2009-1892 : dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware

dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.

Published 2009-07-17 16:30:01

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2009-1892

ISC » Dhcp » Version: 3.1.1
cpe:2.3:a:isc:dhcp:3.1.1:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4
cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4 B1
cpe:2.3:a:isc:dhcp:3.0.4_b1:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4 B2
cpe:2.3:a:isc:dhcp:3.0.4_b2:*:*:*:*:*:*:*
Matching versions
ISC » Dhcp » Version: 3.0.4 B3
cpe:2.3:a:isc:dhcp:3.0.4_b3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1892

EPSS FAQ

6.66%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1892

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2009-1892

CWE-16

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2009-1892

Red Hat 2009-07-20

Not vulnerable. Red Hat Enterprise Linux 3, 4, and 5 provide earlier versions of ISC DHCP which are not vulnerable to this issue.

References for CVE-2009-1892

http://secunia.com/advisories/36457

About Secunia Research | Flexera

CVEs referencing this url
http://www.debian.org/security/2009/dsa-1833

[SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
Patch

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:154

Mandriva
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html

[SECURITY] Fedora 10 Update: dhcp-4.0.0-37.fc10

CVEs referencing this url
http://secunia.com/advisories/35851

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/35830

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/35669

Patch
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html

[SECURITY] Fedora 11 Update: dhcp-4.1.0p1-4.fc11

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/51717

ISC DHCP Server DHCP denial of service CVE-2009-1892 Vulnerability Report
http://secunia.com/advisories/37342

About Secunia Research | Flexera

CVEs referencing this url