ISC Information for VU#854315
ISC DHCPD contains format string vulnerability when logging DNS-update requests
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 08 May 2002
A patch is included below, and we have a patched version of 3.0 available (3.0pl1) and a new release candidate for the next bug-fix release (3.0.1RC9). Both of these new releases are not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
Upgrade to a newer version or apply the following patch.
--- common/print.c Tue Apr 9 13:41:17 2002
+++ common/print.c.patched Tue Apr 9 13:41:56 2002
@@ -1366,8 +1366,8 @@
*s++ = '.';
*s++ = 0;
- log_error (obuf);
+ log_error ("%s",obuf);
- log_info (obuf);
+ log_info ("%s",obuf);
#endif /* NSUPDATE */
If you have feedback, comments, or additional information about this vulnerability, please send us email.