Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1006

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1006
Last Modified 05 Sep 2008 04:40:03
Published 01 Mar 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1006

Summary

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

Vulnerable Systems

Application

  • Isc Dhcpd 2.0.pl5

  • Isc Dhcpd 3.0

  • Isc Dhcpd 3.0 B2pl23

  • Isc Dhcpd 3.0 B2pl9

  • Isc Dhcpd 3.0 Pl1

  • Isc Dhcpd 3.0 Pl2

  • Isc Dhcpd 3.0.1


References

CERT-VN - VU#448384

BID - 11591

DEBIAN - DSA-584

XF - dhcp-log-format-string(17963)

BUGTRAQ - 20041105 Re: debian dhcpd, old format string bug

BUGTRAQ - 20041102 Re: debian dhcpd, old format string bug

BUGTRAQ - 20041025 debian dhcpd, old format string bug

REDHAT - RHSA-2005:212


Last Updated: 27 May 2016 10:38:51