CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.6%
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.
Vendor | Product | Version | CPE |
---|---|---|---|
isc | dhcpd | 3.0 | cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:* |
isc | dhcpd | 3.0.1 | cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:* |
archives.neohapsis.com/archives/bugtraq/2003-01/0250.html
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562
www.cert.org/advisories/CA-2003-01.html
www.ciac.org/ciac/bulletins/n-031.shtml
www.debian.org/security/2003/dsa-231
www.kb.cert.org/vuls/id/284857
www.mandriva.com/security/advisories?name=MDKSA-2003:007
www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html
www.redhat.com/support/errata/RHSA-2003-011.html
www.securityfocus.com/bid/6627
www.securitytracker.com/id?1005924
www.suse.com/de/security/2003_006_dhcp.html
exchange.xforce.ibmcloud.com/vulnerabilities/11073