Format String Vulnerabilities in ISC DHCP Daemon (DHCPD) by ISC
CVE-2002-0702

Currently unrated

Key Information:

Vendor

Isc
Status
Dhcpd
Vendor
CVE Published:
26 July 2002

What is CVE-2002-0702?

The ISC DHCP daemon (DHCPD) versions 3 to 3.0.1rc8, specifically with the NSUPDATE option enabled, are susceptible to a format string vulnerability in their logging routines. This weakness allows remote malicious DNS servers to craft specially formatted responses that can lead to arbitrary code execution on the affected server, posing significant risk to system integrity and security.

References

http://www.securityfocus.com/bid/4701
vdb-entryx_refsource_BID
http://www.kb.cert.org/vuls/id/854315
third-party-advisoryx_refsource_CERT-VN
http://www.novell.com/linux/security/advisories/2002_19_d...
vendor-advisoryx_refsource_SUSE

EPSS Score

37% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.