Vulnerability Note VU#448384
ISC DHCP contains a format string vulnerabilty in errwarn.c
The Internet Systems Consortium (ISC) Dynamic Host Configuration Protocol (DHCP) application contains a format string vulnerability in errwarn.c that could allow an attacker to execute arbitrary code.
As described in RFC 2131, "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network." ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent.
The code that handles error and warning messages (errwarn.c) contains several instances of a format string vulnerability. An insufficient number of parameters is passed to the syslog function, which creates the format string vulnerability. The vulnerable code is used by the DHCP client, server, and relay.
A remote, unauthenticated attacker may be able to execute code on the DHCP server with the privileges of the DHCPD process (typically root). An attacker may also be able to execute code on a system running the DHCP client or agent, since these also use the vulnerable code in errwarn.c.
Apply a patch or update from your vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|ISC||Affected||14 Dec 2004||16 Dec 2004|
|MontaVista Software||Affected||17 Dec 2004||17 Dec 2004|
|Red Hat Inc.||Affected||17 Dec 2004||01 Aug 2005|
|Hitachi||Not Affected||17 Dec 2004||22 Dec 2004|
|NEC Corporation||Not Affected||17 Dec 2004||09 Mar 2005|
|SGI||Not Affected||17 Dec 2004||22 Dec 2004|
|Apple Computer Inc.||Unknown||17 Dec 2004||17 Dec 2004|
|Conectiva||Unknown||17 Dec 2004||17 Dec 2004|
|Cray Inc.||Unknown||17 Dec 2004||17 Dec 2004|
|Debian||Unknown||17 Dec 2004||17 Dec 2004|
|EMC Corporation||Unknown||17 Dec 2004||17 Dec 2004|
|Engarde||Unknown||17 Dec 2004||17 Dec 2004|
|F5 Networks||Unknown||17 Dec 2004||17 Dec 2004|
|FreeBSD||Unknown||17 Dec 2004||17 Dec 2004|
|Fujitsu||Unknown||17 Dec 2004||17 Dec 2004|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by infamous41md.
This document was written by Will Dormann.
- CVE IDs: CAN-2004-1006
- Date Public: 08 Nov 2004
- Date First Published: 09 Mar 2005
- Date Last Updated: 01 Aug 2005
- Severity Metric: 10.26
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.