FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

isc-dhcpd -- format string vulnerabilities

Affected packages
isc-dhcp < 3.0.1
isc-dhcp3 < 3.0.1
isc-dhcp3-client < 3.0.1
isc-dhcp3-devel < 3.0.1
isc-dhcp3-relay < 3.0.1
isc-dhcp3-server < 3.0.1
isc-dhcpd < 3.0.1

Details

VuXML ID ccd325d2-fa08-11d9-bc08-0001020eed82
Discovery 2004-11-08
Entry 2005-07-23

The ISC DHCP programs are vulnerable to several format string vulnerabilities which may allow a remote attacker to execute arbitrary code with the permissions of the DHCP programs, typically root for the DHCP server.

References

Bugtraq ID 11591
CERT/CC Vulnerability Note 448384
CVE Name CVE-2004-1006
Message 20041109003345.GG763@isc.org