Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 29, 2002
Affected
Following the recent CERT advisory on security vulnerabilities in the ISC DHCP implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that only one customer-specific product was affected. Alcatel is working with that customer on a solution. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential ISC DHCP security vulnerabilities and will provide updates if necessary.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 14, 2002
Not Affected
Mac OS X does not contain this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 14, 2002 Updated: May 15, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 13, 2002
Affected
Please see http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483&idioma=en.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 13, 2002
Not Affected
Cray, Inc. is not vulnerable since dhcp is not supported under Unicos or Unicos/mk.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 08, 2002
Not Affected
F5 Networks' products do not include any affected version of ISC's DHCPD, and are therefore not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 07, 2002
Affected
The FreeBSD base system does not ship with the ISC dhcpd server by default and is not affected by this vulnerability. The ISC dhcpd server is available in the FreeBSD Ports Collection; updates to the ISC dhcp port (ports/net/isc-dhcp3) are in progress and corrected packages will be available in the near future.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 14, 2002
Not Affected
Fujitsu's UXP/V operating system is not vulnerable. UXP/V does not support dhcp.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 08, 2002
Not Affected
HP-UX is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 07, 2002
Not Affected
IBM's AIX operating system, all versions, is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 08, 2002
Affected
A patch is included below, and we have a patched version of 3.0 available (3.0pl1) and a new release candidate for the next bug-fix release (3.0.1RC9). Both of these new releases are not vulnerable. --- common/print.c Tue Apr 9 13:41:17 2002 +++ common/print.c.patched Tue Apr 9 13:41:56 2002 @@ -1366,8 +1366,8 @@ *s++ = '.'; *s++ = 0; if (errorp) - log_error (obuf); + log_error ("%s",obuf); else - log_info (obuf); + log_info ("%s",obuf); #endif /* NSUPDATE */
The vendor has not provided us with any further information regarding this vulnerability.
Upgrade to a newer version or apply the following patch. --- common/print.c Tue Apr 9 13:41:17 2002 +++ common/print.c.patched Tue Apr 9 13:41:56 2002 @@ -1366,8 +1366,8 @@ *s++ = '.'; *s++ = 0; if (errorp) - log_error (obuf); + log_error ("%s",obuf); else - log_info (obuf); + log_info ("%s",obuf); #endif /* NSUPDATE */
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 08, 2002
Not Affected
This issue does not affect Lotus products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 08, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 14, 2002
Not Affected
sent on May 13, 2002 [Server Products] * EWS/UP 48 Series - is NOT vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 08, 2002
Affected
NetBSD fixed this during a format string sweep performed on 11-Oct-2000. No released version of NetBSD is vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 09, 2002
Not Affected
Nortel Networks products are not impacted by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 14, 2002 Updated: May 15, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 31, 2002
Not Affected
Red Hat Linux has never been shipped with version 3 of dhcpd and therefore none of our releases are vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Not Affected
SGI is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: June 10, 2002
Not Affected
Sun is not vulnerable as Solaris does not ship the ISC DHCPD and does not use any of the ISC DHCPD source in its version of DHCPD.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 06, 2002 Updated: May 06, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: May 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 07, 2002 Updated: July 19, 2002
Not Affected
Xerox is aware of this advisory. A response is available from our web site: www.xerox.com/security.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.