Security vulnerability in ISC DHCPD

Thursday, 9 May 2002, 10:40 AM EST

ISC DHCPD in its version 3 introduced new dns-update features. ISC DHCPD is vulnerable to a format string bug attack, while reporting the result of a dns-update request. Since ISC DHCPD runs with root privileges, attackers can use this bug to gain unauthorized access, to the system running ISC DHCPD, as root user.

ISC DHCPDv3 Remote Root Compromise
http://www.net-security.org/vuln.php?id=1667

CERT Advisory CA-2002-12 Format String Vulnerability in ISC DHCPD
http://www.net-security.org/advisory.php?id=681

Internet Software Consortium released a patch which is added to the CERT Security advisory linked above. Also, version 3.0p1 of the ISC DHCP Distribution has been released and is available on the ISC web site.

Update (10 May 2002) - Conectiva released a Security Advisory (CLA-2002:483) that deals with this issue. It can be read on the following link:
http://www.net-security.org/advisory.php?id=683

[ Read more ]

Comment:

CERT's quick workaround - "As a temporary measure, it may be possible to limit the scope of this vulnerability by blocking access to DHCP services at the network perimeter".




Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //