Description:
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
Product(s):
- ISC DHCPD 2.0.pl5
- ISC DHCPD 3.0.1 rc10
- ISC DHCPD 3.0.1 rc11
- ISC DHCPD 3.0.1 rc12
- ISC DHCPD 3.0.1 rc13
- ISC DHCPD 3.0.1 rc14
- ISC DHCPD 3.0.1 rc1
- ISC DHCPD 3.0.1 rc2
- ISC DHCPD 3.0.1 rc3
- ISC DHCPD 3.0.1 rc4
- ISC DHCPD 3.0.1 rc5
- ISC DHCPD 3.0.1 rc6
- ISC DHCPD 3.0.1 rc7
- ISC DHCPD 3.0.1 rc8
- ISC DHCPD 3.0.1 rc9
- ISC DHCPD 3.0
- ISC DHCPD 3.0 Release Candidate 12
- ISC DHCPD 3.0 Release Candidate 4
- ISC DHCPD 3.0 b2pl23
- ISC DHCPD 3.0 b2pl9
- ISC DHCPD 3.0 pl1
- ISC DHCPD 3.0 pl2
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1006, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1006 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.