Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0702

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0702
Last Modified 05 Sep 2008 04:28:43
Published 26 Jul 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0702

Summary

Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.

Vulnerable Systems

Application

  • Isc Dhcpd 3.0

  • Isc Dhcpd 3.0.1


References

CERT - CA-2002-12

CERT-VN - VU#854315

BID - 4701

MANDRAKE - MDKSA-2002:037

XF - dhcpd-nsupdate-format-string(9039)

SUSE - SuSE-SA:2002:019

VULNWATCH - 20020508 [VulnWatch] [NGSEC-2002-2] ISC DHCPDv3, remote root compromise

CALDERA - CSSA-2002-028.0

BUGTRAQ - 20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise

CONECTIVA - CLA-2002:483


Last Updated: 27 May 2016 10:37:02