CVE-2004-0461

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-0461
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://marc.info/?l=bugtraq&m=108795911203342&w=2
http://marc.info/?l=bugtraq&m=108843959502356&w=2
http://marc.info/?l=bugtraq&m=108938625206063&w=2
http://secunia.com/advisories/23265
http://www.kb.cert.org/vuls/id/654390 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:061
http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html
http://www.securityfocus.com/bid/10591 Patch Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-174A.html Third Party Advisory US Government Resource
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16476
http://marc.info/?l=bugtraq&m=108795911203342&w=2
http://marc.info/?l=bugtraq&m=108843959502356&w=2
http://marc.info/?l=bugtraq&m=108938625206063&w=2
http://secunia.com/advisories/23265
http://www.kb.cert.org/vuls/id/654390 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:061
http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html
http://www.securityfocus.com/bid/10591 Patch Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-174A.html Third Party Advisory US Government Resource
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16476
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:infoblox:dns_one_appliance:2.3.1_r5:*:*:*:*:*:*:*
cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8:*:*:*:*:*:*:*
cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8a:*:*:*:*:*:*:*
OR cpe:2.3:a:isc:dhcpd:3.0.1:rc12:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc13:*:*:*:*:*:*
cpe:2.3:a:suse:suse_email_server:iii:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
History

20 Nov 2024, 23:48

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=108795911203342&w=2 - () http://marc.info/?l=bugtraq&m=108795911203342&w=2 -
References () http://marc.info/?l=bugtraq&m=108843959502356&w=2 - () http://marc.info/?l=bugtraq&m=108843959502356&w=2 -
References () http://marc.info/?l=bugtraq&m=108938625206063&w=2 - () http://marc.info/?l=bugtraq&m=108938625206063&w=2 -
References () http://secunia.com/advisories/23265 - () http://secunia.com/advisories/23265 -
References () http://www.kb.cert.org/vuls/id/654390 - US Government Resource () http://www.kb.cert.org/vuls/id/654390 - US Government Resource
References () http://www.mandriva.com/security/advisories?name=MDKSA-2004:061 - () http://www.mandriva.com/security/advisories?name=MDKSA-2004:061 -
References () http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html - () http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html -
References () http://www.securityfocus.com/bid/10591 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/10591 - Patch, Vendor Advisory
References () http://www.us-cert.gov/cas/techalerts/TA04-174A.html - Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA04-174A.html - Third Party Advisory, US Government Resource
References () http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf - () http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/16476 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/16476 -
Information

Published : 2004-08-06 04:00

Updated : 2024-11-20 23:48

NVD link : CVE-2004-0461

Mitre link : CVE-2004-0461

CVE.ORG link : CVE-2004-0461

JSON object : View

Products Affected

redhat

  • fedora_core

suse

  • suse_linux_database_server
  • suse_linux_connectivity_server
  • suse_linux_firewall_cd
  • suse_linux_office_server
  • suse_linux
  • suse_linux_admin-cd_for_firewall
  • suse_email_server

mandrakesoft

  • mandrake_linux

isc

  • dhcpd

infoblox

  • dns_one_appliance
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024