| ID |
CVE-2002-0702
|
| Summary |
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
-
cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 18-10-2016 - 02:21) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 4701 | | bugtraq | 20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise | | caldera | CSSA-2002-028.0 | | cert | CA-2002-12 | | cert-vn | VU#854315 | | conectiva | CLA-2002:483 | | mandrake | MDKSA-2002:037 | | suse | SuSE-SA:2002:019 | | vulnwatch | 20020508 [VulnWatch] [NGSEC-2002-2] ISC DHCPDv3, remote root compromise | | xf | dhcpd-nsupdate-format-string(9039) |
|
| Last major update |
18-10-2016 - 02:21 |
| Published |
26-07-2002 - 04:00 |
| Last modified |
18-10-2016 - 02:21 |
