Format String Vulnerabilities in ISC DHCP Daemon (DHCPD) by ISC
CVE-2002-0702

Currently unrated

Key Information:

Vendor: Isc
Status: Dhcpd
Vendor: CVE Published:; 26 July 2002

Summary

The ISC DHCP daemon (DHCPD) versions 3 to 3.0.1rc8, specifically with the NSUPDATE option enabled, are susceptible to a format string vulnerability in their logging routines. This weakness allows remote malicious DNS servers to craft specially formatted responses that can lead to arbitrary code execution on the affected server, posing significant risk to system integrity and security.

References

http://www.securityfocus.com/bid/4701

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/854315

third-party-advisoryx_refsource_CERT-VN

http://www.novell.com/linux/security/advisories/2002_19_d...

vendor-advisoryx_refsource_SUSE

EPSS Score

37% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 26, 2002
Vulnerability Reserved
Jul 16, 2002