FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0460

This CVE name corresponds to:

Entered Topic
2004-06-25 isc-dhcp3-server buffer overflow in logging mechanism

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0460 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0460
Phase Assigned(20040512)

Description

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

References

Source Reference
BUGTRAQ 20040628 ISC DHCP overflows
CONFIRM http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
MANDRAKE MDKSA-2004:061
CERT TA04-174A
CERT-VN VU#317350
BUGTRAQ 20040622 DHCP Vuln // no code 0day //
SUSE SuSE-SA:2004:019
BUGTRAQ 20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)
BID 10590
SECUNIA 23265
XF dhcp-ascii-log-bo(16475)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.