Remote Code Execution and Denial of Service Vulnerability in ISC DHCP 3.0.1rc12 and 3.0.1rc13

Remote Code Execution and Denial of Service Vulnerability in ISC DHCP 3.0.1rc12 and 3.0.1rc13

CVE-2004-0460 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

Learn more about our Cis Benchmark Audit For Server Software.