Format String Vulnerability in DHCP Server Software by ISC
CVE-2004-1006

Currently unrated

Key Information:

Vendor: Isc
Status: Dhcpd
Vendor: CVE Published:; 1 March 2005

Summary

A format string vulnerability exists in the log functions of ISC's DHCP server version 2.x, allowing remote DNS servers to execute arbitrary code through specially crafted DNS messages. This vulnerability can lead to unauthorized actions on affected systems, emphasizing the need for immediate patching and security updates.

References

http://marc.info/?l=bugtraq&m=109968710822449&w=2

mailing-listx_refsource_BUGTRAQ

http://www.kb.cert.org/vuls/id/448384

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/11591

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 1, 2005
Vulnerability Reserved
Nov 2, 2004