Back to search
CVE-2004-0460
Published: Jun 24, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
VU#317350
third-party-advisory
x_refsource_CERT-VN
10590
vdb-entry
x_refsource_BID
MDKSA-2004:061
vendor-advisory
x_refsource_MANDRAKE
23265
third-party-advisory
x_refsource_SECUNIA
20040622 DHCP Vuln // no code 0day //
mailing-list
x_refsource_BUGTRAQ
20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)
mailing-list
x_refsource_BUGTRAQ
SuSE-SA:2004:019
vendor-advisory
x_refsource_SUSE
dhcp-ascii-log-bo(16475)
vdb-entry
x_refsource_XF
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
x_refsource_CONFIRM
TA04-174A
third-party-advisory
x_refsource_CERT
20040628 ISC DHCP overflows
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now