ISC DHCP Buffer Overflow Vulnerabilities
Gravedad: Crítico
Identificadores de CVE : CVE-2004-0460
Fecha recomendada: 15 de febrero de 2011
Descripción
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
Revelación de la información
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000156
Trend Micro Deep Security DPI Rule Name: 1000156 - ISC DHCP Buffer Overflow Vulnerabilities
Software y versión afectados
- ISC DHCPD 3.0.1 rc12
- ISC DHCPD 3.0.1 rc13
- Infoblox DNS One Appliance 2.3.1 -R5
- Infoblox DNS One Appliance 2.4 .0-8
- Infoblox DNS One Appliance 2.4 .0-8A
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 10.0 AMD64
- MandrakeSoft Mandrake Linux 9.0
- MandrakeSoft Mandrake Linux 9.1
- MandrakeSoft Mandrake Linux 9.1 ppc
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux 9.2 amd64
- Red Hat Red Hat Fedora Core2
- SuSE SuSE Linux 8.0
- SuSE SuSE Linux 8.0 i386
- SuSE SuSE Linux 8.1
- SuSE SuSE Linux 8.2
- SuSE SuSE Linux 9.0
- SuSE SuSE Linux 9.0 x86_64
- SuSE SuSE Linux 9.1
- SuSE SuSE Linux Admin-CD for Firewall
- SuSE SuSE Linux Connectivity Server
- SuSE SuSE Linux Database Server
- SuSE SuSE Linux Enterprise Server 7
- SuSE SuSE Linux Enterprise Server 8
- SuSE SuSE Linux Firewall on CD
- SuSE SuSE Linux Office Server
- SuSE SuSE eMail Server III