CVE-2004-0460

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-0460
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://marc.info/?l=bugtraq&m=108795911203342&w=2
http://marc.info/?l=bugtraq&m=108843959502356&w=2
http://marc.info/?l=bugtraq&m=108938625206063&w=2
http://secunia.com/advisories/23265
http://www.kb.cert.org/vuls/id/317350 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:061
http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html
http://www.securityfocus.com/bid/10590 Patch Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-174A.html Third Party Advisory US Government Resource
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16475
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:infoblox:dns_one_appliance:2.3.1_r5:*:*:*:*:*:*:*
cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8:*:*:*:*:*:*:*
cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8a:*:*:*:*:*:*:*
OR cpe:2.3:a:isc:dhcpd:3.0.1:rc12:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc13:*:*:*:*:*:*
cpe:2.3:a:suse:suse_email_server:iii:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2004-08-06 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-0460

Mitre link : CVE-2004-0460

CVE.ORG link : CVE-2004-0460

JSON object : View

Products Affected

redhat

  • fedora_core

suse

  • suse_linux_database_server
  • suse_linux_connectivity_server
  • suse_linux_firewall_cd
  • suse_linux_office_server
  • suse_linux
  • suse_linux_admin-cd_for_firewall
  • suse_email_server

mandrakesoft

  • mandrake_linux

isc

  • dhcpd

infoblox

  • dns_one_appliance
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024