CVE-2004-1006

Description

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

Affected products

• ISC / dhcpd2.0.pl5 – 2.0.pl5
• ISC / dhcpd3.0 – 3.0
• ISC / dhcpd3.0 – 3.0
• ISC / dhcpd3.0 – 3.0
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0.1 – 3.0.1
• ISC / dhcpd3.0_b2pl9 – 3.0_b2pl9
• ISC / dhcpd3.0_b2pl23 – 3.0_b2pl23
• ISC / dhcpd3.0_pl1 – 3.0_pl1
• ISC / dhcpd3.0_pl2 – 3.0_pl2

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=109968710822449&w=2
• MISChttp://www.kb.cert.org/vuls/id/448384
• MISChttp://www.securityfocus.com/bid/11591
• MISChttp://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-584
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17963
• MISChttp://archives.neohapsis.com/archives/bugtraq/2004-11/0037.html
• MISChttp://www.redhat.com/support/errata/RHSA-2005-212.html