CVE-2004-0461

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:infoblox:dns_one_appliance:2.3.1_r5:*:*:*:*:*:*:*
cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8:*:*:*:*:*:*:*
cpe:2.3:h:infoblox:dns_one_appliance:2.4.0.8a:*:*:*:*:*:*:*
OR cpe:2.3:a:isc:dhcpd:3.0.1:rc12:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc13:*:*:*:*:*:*
cpe:2.3:a:suse:suse_email_server:iii:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:48

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=108795911203342&w=2 - () http://marc.info/?l=bugtraq&m=108795911203342&w=2 -
References () http://marc.info/?l=bugtraq&m=108843959502356&w=2 - () http://marc.info/?l=bugtraq&m=108843959502356&w=2 -
References () http://marc.info/?l=bugtraq&m=108938625206063&w=2 - () http://marc.info/?l=bugtraq&m=108938625206063&w=2 -
References () http://secunia.com/advisories/23265 - () http://secunia.com/advisories/23265 -
References () http://www.kb.cert.org/vuls/id/654390 - US Government Resource () http://www.kb.cert.org/vuls/id/654390 - US Government Resource
References () http://www.mandriva.com/security/advisories?name=MDKSA-2004:061 - () http://www.mandriva.com/security/advisories?name=MDKSA-2004:061 -
References () http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html - () http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html -
References () http://www.securityfocus.com/bid/10591 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/10591 - Patch, Vendor Advisory
References () http://www.us-cert.gov/cas/techalerts/TA04-174A.html - Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA04-174A.html - Third Party Advisory, US Government Resource
References () http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf - () http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/16476 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/16476 -

Information

Published : 2004-08-06 04:00

Updated : 2024-11-20 23:48


NVD link : CVE-2004-0461

Mitre link : CVE-2004-0461

CVE.ORG link : CVE-2004-0461


JSON object : View

Products Affected

isc

  • dhcpd

suse

  • suse_linux
  • suse_email_server
  • suse_linux_firewall_cd
  • suse_linux_admin-cd_for_firewall
  • suse_linux_connectivity_server
  • suse_linux_office_server
  • suse_linux_database_server

redhat

  • fedora_core

mandrakesoft

  • mandrake_linux

infoblox

  • dns_one_appliance