An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/08/04/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/08/17/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/09/07/3 | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/ | |
https://security.gentoo.org/glsa/202107-48 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210625-0005/ | Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Oct 2022, 02:59
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp cloud Backup
|
|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
28 Jan 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Systemd Project
Systemd Project systemd |
|
CPE | cpe:2.3:a:systemd_project:systemd:245:-:*:*:*:*:*:* |
08 Sep 2021, 12:43
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202107-48 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/ - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/09/07/3 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/08/04/2 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/08/17/3 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210625-0005/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
07 Sep 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Aug 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jul 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 May 2021, 15:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 - Exploit, Third Party Advisory | |
CWE | CWE-290 | |
CVSS |
v2 : v3 : |
v2 : 2.9
v3 : 6.1 |
CPE | cpe:2.3:a:freedesktop:systemd:245:-:*:*:*:*:*:* |
10 May 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-10 16:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-13529
Mitre link : CVE-2020-13529
CVE.ORG link : CVE-2020-13529
JSON object : View
Products Affected
netapp
- active_iq_unified_manager
- cloud_backup
fedoraproject
- fedora
systemd_project
- systemd
CWE
CWE-290
Authentication Bypass by Spoofing