ISC DHCP Buffer Overflow Vulnerabilities
Publish date: 15 February 2011
Severity: Critical
CVE Identifier(s): CVE-2004-0460
Advisory date: 15 February 2011
Description
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
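As an added illustration (not Trend Micro's DPI rule and not ISC code), the following Python check walks a DHCP options field and flags messages that carry more than one hostname option (option 12), the condition the description names. The function names and sample bytes are constructed for this example, the option layout follows RFC 2132, and flagging any repeat is an assumed policy.

```python
# Added example: a defensive check, not ISC's or Trend Micro's code.
DHCP_MAGIC = b"\x63\x82\x53\x63"        # magic cookie that precedes the options field
BOOTP_HEADER_LEN = 236                  # fixed BOOTP header before the cookie
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255


def inspect_hostname_options(options: bytes) -> dict:
    """Walk code/length/value options and summarise every hostname option."""
    count = total = i = 0
    malformed = False
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:             # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(options) or i + 2 + options[i + 1] > len(options):
            malformed = True            # length byte missing or value runs past the buffer
            break
        length = options[i + 1]
        if code == OPT_HOSTNAME:
            count += 1
            total += length
        i += 2 + length
    # Assumed policy: any repeated hostname option, or a malformed field, is flagged.
    return {"hostname_options": count, "hostname_bytes": total,
            "malformed": malformed, "flag": malformed or count > 1}


def inspect_packet(payload: bytes):
    """Return the summary for a DHCP UDP payload, or None if it is not DHCP."""
    start = BOOTP_HEADER_LEN + len(DHCP_MAGIC)
    if payload[BOOTP_HEADER_LEN:start] != DHCP_MAGIC:
        return None
    return inspect_hostname_options(payload[start:])


# Constructed sample option fields (option 53 = message type, then hostname options).
SINGLE = bytes([53, 1, 1, 12, 4]) + b"host" + bytes([255])
REPEATED = bytes([53, 1, 1, 12, 4]) + b"host" + bytes([12, 4]) + b"name" + bytes([255])

if __name__ == "__main__":
    for name, opts in (("single", SINGLE), ("repeated", REPEATED)):
        print(name, inspect_packet(bytes(BOOTP_HEADER_LEN) + DHCP_MAGIC + opts))
```

The `hostname_bytes` total is the combined length of all hostname options in the message, which is the figure to compare against whatever limit the logging path in use can handle.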
Information Exposure
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Solution
Trend Micro Deep Security DPI Rule Number: 1000156
Trend Micro Deep Security DPI Rule Name: 1000156 - ISC DHCP Buffer Overflow Vulnerabilities
Affected software and version:
- ISC DHCPD 3.0.1 rc12
- ISC DHCPD 3.0.1 rc13
- Infoblox DNS One Appliance 2.3.1-R5
- Infoblox DNS One Appliance 2.4.0-8
- Infoblox DNS One Appliance 2.4.0-8A
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 10.0 AMD64
- MandrakeSoft Mandrake Linux 9.0
- MandrakeSoft Mandrake Linux 9.1
- MandrakeSoft Mandrake Linux 9.1 ppc
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux 9.2 amd64
- Red Hat Red Hat Fedora Core2
- SuSE SuSE Linux 8.0
- SuSE SuSE Linux 8.0 i386
- SuSE SuSE Linux 8.1
- SuSE SuSE Linux 8.2
- SuSE SuSE Linux 9.0
- SuSE SuSE Linux 9.0 x86_64
- SuSE SuSE Linux 9.1
- SuSE SuSE Linux Admin-CD for Firewall
- SuSE SuSE Linux Connectivity Server
- SuSE SuSE Linux Database Server
- SuSE SuSE Linux Enterprise Server 7
- SuSE SuSE Linux Enterprise Server 8
- SuSE SuSE Linux Firewall on CD
- SuSE SuSE Linux Office Server
- SuSE SuSE eMail Server III