Published: 01/03/2005 Updated: 11/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc dhcpd 3.0
isc dhcpd 3.0.1
isc dhcpd 3.0_b2pl23
isc dhcpd 3.0_b2pl9
isc dhcpd 3.0_pl1
isc dhcpd 3.0_pl2
isc dhcpd 2.0.pl5

Synopsis dhcp security update Type/Severity Security Advisory: Moderate Topic An updated dhcp package that fixes a string format issue is now availablefor Red Hat Enterprise Linux 21This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...

"infamous41md" noticed that the log functions in dhcp 2x, which is still distributed in the stable Debian release, contained pass parameters to function that use format strings One use seems to be exploitable in connection with a malicious DNS server For the stable distribution (woody) these problems have been fixed in version 20pl5-11woody1 F ...

NVD-CWE-Other http://www.securityfocus.com/bid/11591 http://www.debian.org/security/2004/dsa-584 http://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html http://archives.neohapsis.com/archives/bugtraq/2004-11/0037.html http://www.kb.cert.org/vuls/id/448384 http://www.redhat.com/support/errata/RHSA-2005-212.html http://marc.info/?l=bugtraq&m=109968710822449&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17963 https://access.redhat.com/errata/RHSA-2005:212 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/448384

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1006

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect