[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256288

 
 

909

 
 

199146

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0461Date: (C)2004-08-06   (M)2023-12-22


The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-10591
http://marc.info/?l=bugtraq&m=108795911203342&w=2
http://marc.info/?l=bugtraq&m=108843959502356&w=2
http://marc.info/?l=bugtraq&m=108938625206063&w=2
SECUNIA-23265
MDKSA-2004:061
SuSE-SA:2004:019
TA04-174A
VU#654390
dhcp-c-include-bo(16476)
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf

CPE    16
cpe:/o:mandrakesoft:mandrake_linux:9.0
cpe:/o:mandrakesoft:mandrake_linux:9.1
cpe:/a:isc:dhcpd:3.0.1:rc12
cpe:/a:suse:suse_linux_office_server
...

© SecPod Technologies