CVE-2003-0026

2003-01-1705:00:00

mitre

web.nvd.nist.gov

cve-2003-0026

buffer overflow

minires library

remote code execution

isc dhcpd 3.0

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.135

Percentile

95.6%

JSON

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

Affected configurations

Nvd

Node

iscdhcpdMatch3.0

iscdhcpdMatch3.0.1rc1

iscdhcpdMatch3.0.1rc2

iscdhcpdMatch3.0.1rc3

iscdhcpdMatch3.0.1rc4

iscdhcpdMatch3.0.1rc5

iscdhcpdMatch3.0.1rc6

iscdhcpdMatch3.0.1rc7

iscdhcpdMatch3.0.1rc8

VendorProductVersionCPE
iscdhcpd3.0cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
iscdhcpd3.0.1cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*

Vendor	Product	Version	CPE
isc	dhcpd	3.0	cpe:2.3:a:isc:dhcpd:3.0:::::::*
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc1::::::
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc2::::::
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc3::::::
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc4::::::
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc5::::::
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc6::::::
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc7::::::
isc	dhcpd	3.0.1	cpe:2.3:a:isc:dhcpd:3.0.1:rc8::::::