Intrusion Prevention

ISC.DHCPD.Hostname.Format.String

Description

This indicates a possible exploit of a format-string vulnerability in the logging function of the ISC DHCPD daemon.
The ISC DHCPD daemon is distributed in some Linux distribution packages. A format-string vulnerability has been reported in its logging function that may allow an attacker to execute arbitrary code on a vulnerable system. By default, the NSUPDATE option is enabled in the DHCP daemon; it is responsible for getting a DNS update from a DNS server if a DHCP request contains a DNS update. Due to a boundary check failure in the logging routines for the dynamic DNS code (print.c), an attacker may send a malformed DNS response with a malicious format string in the hostname options to cause a buffer overflow and execute arbitrary code on the vulnerable system with root privileges.
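
A format-string flaw arises when externally supplied text, such as the hostname described above, reaches a printf-style function as the format argument. The following added example (not ISC's code and not part of the original advisory) shows the hardened logging pattern in C together with a hostname character check; the function names, log text, character policy and sample hostnames are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if s is non-empty and holds only letters, digits, '-' and '.'
 * (assumed policy for this example); a '%' always fails the check. */
int hostname_is_ldh(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* Hardened logging: the format string is a constant and the hostname is
 * passed only as data, so directives inside it are never interpreted.
 * The weak pattern is passing the hostname as the format argument itself,
 * e.g. snprintf(out, outlen, hostname).
 * snprintf bounds the write; returns the bytes stored, excluding the NUL. */
int log_hostname_safe(char *out, size_t outlen, const char *hostname)
{
    int n;
    if (outlen == 0)
        return 0;
    n = snprintf(out, outlen, "ddns update for host: %s", hostname);
    if (n < 0) {
        out[0] = '\0';
        return 0;
    }
    return (size_t)n >= outlen ? (int)outlen - 1 : n;
}

int main(void)
{
    /* Constructed sample values, not taken from real traffic. */
    const char *samples[] = { "pc-01.example.test", "pc-%x.%x" };
    char line[64];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_hostname_safe(line, sizeof line, samples[i]);
        printf("%-8s %s\n", hostname_is_ldh(samples[i]) ? "ok" : "reject", line);
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` in GCC or Clang flags calls where a non-literal string is used as the format argument.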

Affected Products

ISC DHCPD 3.0.1 rc8 and earlier versions

Impact

Compromise of the affected system.

Recommended Actions

Upgrade to ISC DHCPD 3.0.1 rc9 or later versions.

CVE References

CVE-2002-0702