Home  >  CVE-2002-0702
CVE Details for CVE: CVE-2002-0702
Summary
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
Timestamps
Last major update 18-10-2016 - 02:21
Published 26-07-2002 - 04:00
Last modified 18-10-2016 - 02:21
References
Vulnerable Configurations
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
    cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
10.0
Impact
10.0
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 4701
bugtraq 20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
caldera CSSA-2002-028.0
cert CA-2002-12
cert-vn VU#854315
conectiva CLA-2002:483
mandrake MDKSA-2002:037
suse SuSE-SA:2002:019
vulnwatch 20020508 [VulnWatch] [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
xf dhcpd-nsupdate-format-string(9039)