CVE-2004-0460 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0460
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0460

Description: Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16475 SUSE http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html SAID Secunia Advisory: SA23265 MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:061 CONFIRM http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf CERT-VN 317350 CERT http://www.us-cert.gov/cas/techalerts/TA04-174A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108938625206063&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=108795911203342&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=108843959502356&w=2 BID 10590

Return to the previous page.