Format String Vulnerability in DHCP Server Software by ISC
CVE-2004-1006

Currently unrated

Key Information:

Vendor

Isc
Status
Dhcpd
Vendor
CVE Published:
1 March 2005

What is CVE-2004-1006?

A format string vulnerability exists in the log functions of ISC's DHCP server version 2.x, allowing remote DNS servers to execute arbitrary code through specially crafted DNS messages. This vulnerability can lead to unauthorized actions on affected systems, emphasizing the need for immediate patching and security updates.

References

http://marc.info/?l=bugtraq&m=109968710822449&w=2
mailing-listx_refsource_BUGTRAQ
http://www.kb.cert.org/vuls/id/448384
third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/bid/11591
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.