Alias(es) | Linux.ISC.DHCPD.Hostname.BufferOverflow |
Release Date | Jun 08, 2005 |
Severity | low |
Impact | Denial of service or compromise of the affected system. |
Description | Indicates a possible exploit of a buffer overflow vulnerability in the logging function of the ISC DHCPD daemon. ISC DHCPD is distributed in the packages of some Linux distributions. A buffer overflow vulnerability has been reported in its logging function that may allow an attacker to cause a denial of service or execute arbitrary code on the vulnerable system. The cause is that the application's logging routine fails to bounds-check the data before processing it. To exploit this, an attacker may send a malformed DHCP request with a long string in the hostname options of a DISCOVER, OFFER, REQUEST, ACK, or NAK message, overflowing the buffer to execute arbitrary code on the vulnerable system or to crash the server. |
Affected Products | ISC DHCPD 3.0.1 rc13 and earlier versions. |
Recommended Actions | Upgrade to ISC DHCPD 3.0.1 rc14 or later versions. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2004-0460 |
Reference/s | http://www.securityfocus.com/bid/10590 (BugTraq) |
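
The description turns on an oversized string in the hostname options of a DHCP message. The Python below is an added example, not part of the original entry or of ISC's code or the IPS signature: it walks the DHCP options field, sums every Host Name option (code 12, RFC 2132), and flags messages whose total exceeds a limit. The 64-byte limit, the function names and the two sample packets are assumptions constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255
FIXED_HEADER_LEN = 236               # BOOTP fixed fields that precede the cookie
MAX_HOSTNAME_LEN = 64                # assumed site policy, not from the advisory


def hostname_bytes(payload):
    """Return the concatenated Host Name option data, or None if malformed."""
    start = FIXED_HEADER_LEN
    if len(payload) < start + 4 or payload[start:start + 4] != MAGIC_COOKIE:
        return None
    i, name = start + 4, b""
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:           # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None               # length byte missing
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None               # option claims more bytes than remain
        if code == OPT_HOSTNAME:
            name += data              # repeated hostname options are summed
        i += 2 + length
    return name


def is_suspicious(payload, limit=MAX_HOSTNAME_LEN):
    """True for malformed options or a hostname longer than the limit."""
    name = hostname_bytes(payload)
    return name is None or len(name) > limit


def opt(code, data):
    """Encode one option as code, length, data."""
    return bytes([code, len(data)]) + data


def build_packet(options):
    """Constructed sample: zeroed BOOTP header, cookie, options, END."""
    return bytes(FIXED_HEADER_LEN) + MAGIC_COOKIE + options + bytes([OPT_END])


NORMAL = build_packet(opt(53, b"\x01") + opt(12, b"workstation-7"))
LONG = build_packet(opt(53, b"\x01") + opt(12, b"A" * 200))
```

Because the check sums repeated Host Name options, a hostname split across several options is measured as a whole rather than per option.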