|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA13100] DHCP Logging Functions Format String Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Nov 08 2004 - 06:22:05 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Monitor, Filter, and Manage Security Information
- Filtering and Management of Secunia advisories
- Overview, documentation, and detailed reports
- Alerting via email and SMS
Request Trial:
https://ca.secunia.com/?f=l
----------------------------------------------------------------------
TITLE:
DHCP Logging Functions Format String Vulnerability
SECUNIA ADVISORY ID:
SA13100
VERIFY ADVISORY:
http://secunia.com/advisories/13100/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
ISC DHCP 2
http://secunia.com/product/957/
DESCRIPTION:
infamous41md has reported a vulnerability in ISC DHCP, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to format string errors within
various logging functions in "errwarn.c".
Successful exploitation may potentially allow execution of arbitrary
code via a malicious DNS server.
The vulnerability affects DHCP 2.0pl5 and prior, and alpha and beta
releases of DHCP 3.x up to and including version 3.0b1-pl17.
SOLUTION:
DHCP 2.x is considered "end of life" and alpha and beta releases
should not be installed on production systems. Upgrade to the latest
version of DHCP 3.x.
http://www.isc.org/index.pl?/sw/dhcp/
PROVIDED AND/OR DISCOVERED BY:
infamous41md
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]