Detections
Analytics
FreeBSD : kea -- unexpected termination while handling a malformed packet (59e7eb28-b309-11e5-af83-80ee73b5dcf5)
medium Nessus Plugin ID 87744
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
ISC Support reports :ISC Kea may terminate unexpectedly (crash) while handling a malformed client packet. Related defects in the kea-dhcp4 and kea-dhcp6 servers can cause the server to crash during option processing if a client sends a malformed packet. An attacker sending a crafted malformed packet can cause an ISC Kea server providing DHCP services to IPv4 or IPv6 clients to exit unexpectedly.
- The kea-dhcp4 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 40 or higher. Servers running kea-dhcp4 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 39 or below are not vulnerable.
- The kea-dhcp6 server is vulnerable only in versions 0.9.2 and 1.0.0-beta, and furthermore only when logging at debug level 45 or higher. Servers running kea-dhcp6 versions 0.9.1 or lower, and servers which are not logging or are logging at debug level 44 or below are not vulnerable.
Solution
Update the affected package.See Also
Plugin Details
Severity: Medium
ID: 87744
File Name: freebsd_pkg_59e7eb28b30911e5af8380ee73b5dcf5.nasl
Version: 2.4
Type: local
Family: FreeBSD Local Security Checks
Published: 1/6/2016
Updated: 1/4/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS v3
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:kea, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 1/4/2016
Vulnerability Publication Date: 12/15/2015
Reference Information
CVE: CVE-2015-8373