Vulnerabilities > CVE-2004-0461 - Buffer Overflow vulnerability in ISC DHCPD VSPRINTF
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 3 | |
Application | 2 | |
Application | 6 | |
OS | 7 | |
OS | 1 | |
OS | 9 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2004-061.NASL |
description | A vulnerability in how ISC |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14160 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14160 |
title | Mandrake Linux Security Advisory : dhcp (MDKSA-2004:061) |
References
- http://marc.info/?l=bugtraq&m=108795911203342&w=2
- http://marc.info/?l=bugtraq&m=108843959502356&w=2
- http://marc.info/?l=bugtraq&m=108938625206063&w=2
- http://secunia.com/advisories/23265
- http://www.kb.cert.org/vuls/id/654390
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:061
- http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html
- http://www.securityfocus.com/bid/10591
- http://www.us-cert.gov/cas/techalerts/TA04-174A.html
- http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16476