CVE: CVE-2003-0026 - CVE-Search

CVE Details for CVE: CVE-2003-0026

Summary

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

Timestamps
Last major update	11-07-2017 - 01:29
Published	17-01-2003 - 05:00
Last modified	11-07-2017 - 01:29

References

Vulnerable Configurations

cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*
cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2003:011

refmap via4

bid	6627
bugtraq	20030122 [securityslackware.com: [slackware-security] New DHCP packages available]
cert	CA-2003-01
cert-vn	VU#284857
ciac	N-031
conectiva	CLA-2003:562
debian	DSA-231
mandrake	MDKSA-2003:007
openpkg	OpenPKG-SA-2003.002
sectrack	1005924
suse	SuSE-SA:2003:0006 SuSE-SA:2003:006
xf	dhcpd-minires-multiple-bo(11073)