CVE-2010-2156

ISC Dhcp - Numeric Error

Title source: rule

Description

ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.

Exploits (2)

exploitdb WORKING POC

by sid · pythondosmultiple

https://www.exploit-db.com/exploits/14185

View Code ZIP pw:eip

metasploit WORKING POC

by sid, theLightCosine · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb

View Code ZIP pw:eip

References (9)

[Various Sources] http://ftp.isc.org/isc/dhcp/dhcp-4.0.2-P1-RELNOTES

[Various Sources] http://ftp.isc.org/isc/dhcp/dhcp-4.1.1-P1-RELNOTES

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2010:114

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/59222

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/40775

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042843.html

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/14185

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024093

[Third Party Advisory] http://secunia.com/advisories/40116

Scores

EPSS 0.8675

EPSS Percentile 99.4%

Details

CWE

CWE-189

Status published

Products (5)

isc/dhcp 4.1.0

isc/dhcp 4.1.1 (5 CPE variants)

isc/dhcp 4.0.0

isc/dhcp 4.0.1 (3 CPE variants)

isc/dhcp 4.0.2 (5 CPE variants)

Published Jun 07, 2010

Tracked Since Feb 18, 2026