QwikSec

Security Database

CVE

CWE

Training

CVE-2004-0461

Published: Jun 24, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_CERT-VN

dhcp-c-include-bo(16476)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_MANDRAKE

third-party-advisory

x_refsource_SECUNIA

20040622 DHCP Vuln // no code 0day //

mailing-list

x_refsource_BUGTRAQ

20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)

mailing-list

x_refsource_BUGTRAQ

SuSE-SA:2004:019

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT

20040628 ISC DHCP overflows

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.