ID CVE-2004-0460
Summary Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
Vulnerable Configurations
  • cpe:2.3:h:infoblox:dns_one_appliance:2.3.1_r5
  • cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8
  • cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8a
  • ISC DHCPD 3.0.1 rc12
    cpe:2.3:a:isc:dhcpd:3.0.1:rc12
  • ISC DHCPD 3.0.1 rc13
    cpe:2.3:a:isc:dhcpd:3.0.1:rc13
  • cpe:2.3:a:suse:suse_email_server:iii
  • SuSE SuSE Linux Admin-CD for Firewall
    cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall
  • SuSE SuSE Linux Connectivity Server
    cpe:2.3:a:suse:suse_linux_connectivity_server
  • SuSE SuSE Linux Database Server
    cpe:2.3:a:suse:suse_linux_database_server
  • SuSE SuSE Linux Firewall CD
    cpe:2.3:a:suse:suse_linux_firewall_cd
  • SuSE SuSE Linux Office Server
    cpe:2.3:a:suse:suse_linux_office_server
  • MandrakeSoft Mandrake Linux 10.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
  • MandrakeSoft Mandrake Linux 9.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.0
  • MandrakeSoft Mandrake Linux 9.1
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:-:ppc
  • MandrakeSoft Mandrake Linux 9.2
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
  • cpe:2.3:o:redhat:fedora_core:core_2.0
  • cpe:2.3:o:suse:suse_linux:7:-:enterprise_server
  • SuSE SuSE Linux 8.0
    cpe:2.3:o:suse:suse_linux:8.0
  • cpe:2.3:o:suse:suse_linux:8.0:-:i386
  • SuSE SuSE Linux 8.1
    cpe:2.3:o:suse:suse_linux:8.1
  • SuSE SuSE Linux 8.2
    cpe:2.3:o:suse:suse_linux:8.2
  • cpe:2.3:o:suse:suse_linux:8:-:enterprise_server
  • SuSE SuSE Linux 9.0
    cpe:2.3:o:suse:suse_linux:9.0
  • cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
  • SuSE SuSE Linux 9.1
    cpe:2.3:o:suse:suse_linux:9.1
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_DHCP3_301R14.NASL
    description The following package needs to be updated: isc-dhcp3-
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12534
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12534
    title FreeBSD : isc-dhcp3-server buffer overflow in logging mechanism (36)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7A9D5DFEC50711D88898000D6111A684.NASL
    description A buffer overflow exists in the logging functionality of the DHCP daemon which could lead to Denial of Service attacks and has the potential to allow attackers to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 36237
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36237
    title FreeBSD : isc-dhcp3-server buffer overflow in logging mechanism (7a9d5dfe-c507-11d8-8898-000d6111a684)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-061.NASL
    description A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable server with the permissions of the user running DHCPD, which is usually root. A similar vulnerability also exists in the way ISC's DHCPD makes use of the vsnprintf() function on systems that do not support vsnprintf(). This vulnerability could also be used to execute arbitrary code and/or perform a DoS attack. The vsnprintf() statements that have this problem are defined after the vulnerable code noted above, which would trigger the previous problem rather than this one. Thanks to Gregory Duchemin and Solar Designer for discovering these flaws. The updated packages contain 3.0.1rc14 which is not vulnerable to these problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14160
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14160
    title Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061)
refmap via4
bid 10590
bugtraq
  • 20040622 DHCP Vuln // no code 0day //
  • 20040628 ISC DHCP overflows
  • 20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)
cert TA04-174A
cert-vn VU#317350
confirm http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
mandrake MDKSA-2004:061
secunia 23265
suse SuSE-SA:2004:019
xf dhcp-ascii-log-bo(16475)
Last major update 17-10-2016 - 22:45
Published 06-08-2004 - 00:00
Last modified 10-07-2017 - 21:30