1 CVE-2010-3616: DHCP: Server Hangs with TCP to Failover Peer Port

If a server receives a TCP connection on a port that has been configured for communication with a failover peer, this can cause it to become non-responsive to all normal DHCP protocol traffic. CVE: CVE-2010-3616 VU#159528 Posting date: 10 Dec 2010 Program…

2 CVE-2010-3611: DHCP: Server Crash with Empty Link-Address Field

If the server receives a DHCPv6 packet containing one or more Relay-Forward messages, and none of them supply an address in the Relay-Forward link-address field, then the server will crash. This can be used as a single packet crash attack vector. CVE: CVE-2010-3611…

3 CVE-2010-2156: DHCP: Fencepost error on zero-length client identifier

A request from a client containing a zero-length client ID will cause the server to exit. CVE: CVE-2010-2156 VU#541921 Posting date: 01 Jun 2010 Program Impacted: DHCP Versions affected: 4.0.x, 4.1.x, 4.2.x Severity: High Exploitable: Remotely Description:…

4 CVE-2009-1892: DHCP host record fenceposting error

Versions of ISC dhcpd from 3.0.3 and onward have a fenceposting error that causes it to exit if it observes a DHCP client that matches two host records - one by DHCP Client Identifier option, the other by hardware address. CVE: CVE-2009-1892 Posting date:…

5 CVE-2009-0692: DHCP Stack Overflow in 'dhclient' script_write_params()

ISC dhclient has a stack overflow vulnerability which makes it theoretically possible for a rogue DHCP server to execute arbitrary commands as root on the affected system through stack return subversion. CVE: CVE-2009-0692 Posting date: 14 Jul 2009 Program…

6 CVE-2004-0460: DHCP stack buffer overflow vulnerability in handling log lines containing ASCII characters only

Buffer overflow in the logging capability for the DHCP daemon (DHCPD). CVE: CVE-2004-0460 VU#317350 Posting date: 22 Jun 2004 Program Impacted: DHCP Versions affected: 3.0.1rc12, 3.0.1rc13 Severity: High Exploitable: Remotely Description: DHCPD syslogs every…

7 CVE-2004-0461: DHCPD contains C Includes that sometimes define vsnprintf() as vsprintf()

DHCPD, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function. CVE: CVE-2004-0461 VU#654390 Posting date: 22 Jun 2004 Program Impacted: DHCP Versions affected:…