search menu icon-carat-right cmu-wordmark

CERT Coordination Center

ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions

Vulnerability Note VU#654390

Original Release Date: 2004-06-22 | Last Revised: 2004-07-21

Overview

The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a vulnerability that introduces several potential buffer overflow conditions. Exploitation of this vulnerability can cause a denial-of-service condition to the DHCP Daemon (DHCPD) and may permit a remote attacker to execute arbitrary code on the system with the privileges of the DHCPD process.

Description

ISC DHCP makes use of the vsnprintf() for writing various log file strings. For systems that do not support vsnprintf(), a C include file was created that defines the vsnprintf() function to vsprintf() as such:

#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)

vsprintf() is a function that does not check bounds, therefore the size is discarded creating the potential for a buffer overflow when client provided data is supplied. Note that the vsnprintf() statements are defined after the vulnerable code that is discussed in VU#317350. This means that VU#317350 would be triggered prior to these potential buffer overflows, unless a client could specify content to a vsnprintf() statement not associated with logging. It is believed that there aren't any other vsnprintf() statements vulnerable to this type of exploitation. Note that this vulnerability was discovered and exploitable after VU#317350 was resolved.

Only ISC DHCP 3.0.1rc12 and ISC DHCP 3.0.1rc13 are believed to be vulnerable for the following operating systems:

    • AIX
    • AlphaOS
    • Cygwin32
    • HP-UX
    • Irix
    • Linux
    • NextStep
    • SCO
    • SunOS 4
    • SunOS 5.5
    • Ultrix

As with VU#317350, all versions of ISC DCHP 3, including all snapshots, betas, and release candidates, contain the flawed code. However, it is not believed that these versions are exploitable because they discard all but the last hostname option provided by the client.

Impact

A remote attacker with the ability to send a crafted packet to the DHCPD listening port (typically port 67/UDP), may be able to crash the ISC DHCP daemon, causing a denial of service. It may be possible to execute arbitrary code on the vulnerable server with the privileges of the DHCPD process (typically root).

Solution

ISC has released DHCP 3.0.1rc14 which resolves this issue. For systems that do not support vsnprintf(), DHCP now implements it's own bounded function. DHCP will not compile and link if it does not believe that it is linking to a bounds checking function. Versions prior to ISC DHCP 3 are no longer supported. All users of ISC DHCP are encouraged to update to the latest version.

Vendor Information

654390
 
Affected   Unknown   Unaffected

Fedora Project

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Vulnerable

Vendor Statement

Fedora Core 2 includes DHCP 3.0.1rc12. Updated packages will be available from http://fedora.redhat.com/download/updates.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

InfoBlox

Notified:  June 12, 2004 Updated:  July 13, 2004

Status

  Vulnerable

Vendor Statement

The Infoblox DNS One product is vulnerable to both of these issues. We have patched these vulnerabilities and released new versions of code, 2.4.0-10 for the black 1U platform, and 2.4.0-10A for the new Model 1000 platform. Affected customers should visit our support site for details, http://support.infoblox.com/, or contact support by phone at 888-INFOBLX (888-463-6259) ext 1.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft

Notified:  June 12, 2004 Updated:  June 23, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:061.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc.

Notified:  June 12, 2004 Updated:  June 23, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.suse.com/de/security/2004_19_dhcp_server.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer Inc.

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

Apple: Apple products are not affected by the issue reported in Vulnerability Note VU#654390.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Aruba Networks

Notified:  June 12, 2004 Updated:  June 23, 2004

Status

  Not Vulnerable

Vendor Statement

----------------------------------------------------------------------------

Aruba Wireless Networks Security Advisory

Title: ISC DHCP contains C includes that define "vsnprintf" to "vsprintf"
creating potential buffer overflow conditions
Aruba Advisory ID: AID-06152004
Revision: 1.0
For Public Release on 06/22/2004 at 19:00 (GMT)
References: CAN-2004-0461 / CERT Vulnerability Note VU#654390



----------------------------------------------------------------------------

SUMMARY

It was disclaimed by ISC, via CERT, that ISC DHCP contains C includes that
define "vsnprintf" to "vsprintf" creating potential buffer overflow conditions.

PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: No Aruba Wireless Networks Platform are affected
Software: No Aruba OS available versions are affected


DETAILS

This issue could cause a stack overflow and eventual crash of the machine
running ISC's DHCPd. Although it was not clear if whether or not that overflow
could be used to execute arbitrary code, this should not cause a problem on Aruba
Wireless Networks products, since they are not affected by the packets described
in the CERT notification.

IMPACT

None.

WORKAROUNDS

There is no need for a workaround to be implemented.

SOLUTION

Aruba products were tested against this possible attack and are not vulnerable to it.


OBTAINING FIXED FIRMWARES

There is no special firmware needed to address the issue described above.

Aruba Support contacts are as follows:

1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)
e-mail: support(at)arubanetworks.com
web: http://www.arubanetworks.com/support

Please, do not contact either "wsirt(at)arubanetworks.com" or
"security(at)arubanetworks.com" for software upgrades.


EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at
http://www.kb.cert.org/vuls


STATUS OF THIS NOTICE: Final

Although Aruba Wireless networks cannot guarantee the accuracy of all
statements in this advisory, all of the facts have been checked to the
best of our ability. Aruba Wireless Networks does not anticipate issuing
updated versions of this advisory unless there is some material change
in the facts. Should there be a significant change in the facts, Aruba
Wireless Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security
advisory that omits the distribution URL in the following section is
an uncontrolled copy, and may lack important information or contain
factual errors.

DISTRIBUTION OF THIS ANNOUCEMENT

This advisory will be posted on Aruba's website at
http://www.arubanetworks.com/support/wsirt/alerts/AID-06152004.asc

In addition to worldwide web posting, a text version of this notice
is clear-signed with the Aruba WSIRT PGP key having the fingerprint
AB90 36CE 259C 7BA1 4FAF 62F8 3EF2 6968 39C3 A3C0 and is posted to
the following e-mail recipients.

* cert@cert.org

Future updates of this advisory, if any, will be placed on Aruba's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.

REVISION HISTORY


Revision 1.0 /06-14-2004 / Initial release


ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba
Wireless Networks products, obtaining assistance with security
incidents is available at
http://www.arubanetworks.com/support/wsirt.php


For reporting *NEW* Aruba Wireless Networks security issues, email
can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com.
For sensitive information we encourage the use of PGP encryption. Our
public keys can be found at http://www.arubanetworks.com/support/wsirt.php


(c) Copyright 2004 by Aruba Wireless Networks, Inc.
This advisory may be redistributed freely after the release date
given at the top of the text, provided that redistributed copies are
complete and unmodified, including all date and version information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

Check Point products are not vulnerable to these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems Inc.

Notified:  June 12, 2004 Updated:  June 24, 2004

Status

  Not Vulnerable

Vendor Statement

Not Vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Extreme Networks

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

Extreme Networks switch products is not vulnerable to above notification (VU#317350, VU#654390). No action is needed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

Hitachi GR2000/GR4000/GS4000/GS3000 are NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM

Notified:  June 12, 2004 Updated:  June 23, 2004

Status

  Not Vulnerable

Vendor Statement

The AIX Operating System is not vulnerable to the issues discussed in CERT Vulnerability Note VU#654390 or Technical Cyber Security Alert TA04-174A.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks

Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

Juniper Networks products are not susceptible to these vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  June 12, 2004 Updated:  June 23, 2004

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

NetBSD has not shipped a vulnerable version of ISC dhcpd in -current or any release.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nominum

Notified:  June 12, 2004 Updated:  June 24, 2004

Status

  Not Vulnerable

Vendor Statement

Nominum Foundation Dynamic Configuration Server is not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc.

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

No updates are required for users of Red Hat Enterprise Linux 2.1 or 3. Both of these distributions include versions of DHCP where these issues are not exploitable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Redback Networks Inc.

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Not Vulnerable

Vendor Statement

Redback has verified that none of its product-lines is vulnerable.

1. All products in SmartEdge family are not vulnerable.

2. All products in SMS family are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3Com

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AT&T

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avaya

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avici Systems Inc.

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Charlotte's Web Networks

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Chiaro Networks

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

D-Link Systems

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data Connection

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC Corporation

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks Inc.

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  June 12, 2004 Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

HP-UX, Tru64 UNIX, and OpenVMS are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hyperchip

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM-zSeries

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Software Consortium

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Luminous

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multi-Tech Systems Inc.

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multinet

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetScreen

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NextHop

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  June 12, 2004 Updated:  June 23, 2004

Status

  Unknown

Vendor Statement

Openwall GNU/*/Linux (Owl) is not vulnerable to VU#317350 as we only ship dhcpd derived from version 3.0pl2. Since the very inclusion of the DHCP suite in Owl, we also include a patch which makes dhcpd run as its dedicated pseudo-user and in a chroot jail. In response to these new findings, we're adding another "hardening" patch which forces the use of snprintf() and vsnprintf() in all places where *sprintf() was used with non-constant string arguments.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Riverstone Networks

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SCO

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc.

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems Inc.

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ZyXEL

Updated:  June 22, 2004

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 65 vendors View less vendors


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Gregory Duchemin and Solar Designer for discovering, reporting and resolving this vulnerability. Thanks also to David Hankins of ISC for notifying us of this vulnerability and the technical information provided to create this document.

This document was created by Jason A Rafail and based on the technical information provided by David Hankins of ISC.

Other Information

CVE IDs: CVE-2004-0461
Severity Metric: 14.21
Date Public: 2004-06-22
Date First Published: 2004-06-22
Date Last Updated: 2004-07-21 14:34 UTC
Document Revision: 17

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.