ISC DHCPD contains format string vulnerability when logging DNS-update requests

2002-05-08T00:00:00
ID VU:854315
Type cert
Reporter CERT
Modified 2003-01-13T17:32:00

Description

Overview

The DHCP daemon (DHCPD) is a server that is used to allocate network addresses and assign configuration parameters to dynamically configured hosts. A format string vulnerability may permit an intruder to execute code with the privileges of the DHCP daemon (typically root).

Description

The Internet Software Consortium (ISC) produces a DHCP server. DHCPD listens for requests from client machines connecting to the network. Versions 3 to 3.0.1rc8 inclusive of DHCPD contain an option (NSUPDATE) that is compiled in by default. NSUPDATE allows the DHCP server to send an update to the DNS server after processing a DHCP request. The DNS server responds by sending a message back to the DHCP server. The response from the DNS server can contain user-supplied data. When this message is received, the DHCP server logs the transaction. A format string vulnerability exists in the DHCPD code that logs the transaction. This vulnerability may permit an attacker to execute code with the privileges of the DHCP daemon.
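The bug class and its fix, as an added C example (not ISC's code): `demo_log`, `count_directives` and the sample line are hypothetical stand-ins for dhcpd's logging functions and `obuf`. The pre-patch call is kept behind `#ifdef SHOW_VULNERABLE` for comparison and is not built by default.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Let GCC/Clang type-check callers; with -Wformat -Wformat-security a
 * non-literal format with no arguments is reported at compile time. */
#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Constructed sample: a log line whose hostname part came from the network. */
static const char SAMPLE_OBUF[] = "update of %x%x%x.example.test: REFUSED.";

static char last_line[256]; /* last formatted line, kept for inspection */

/* Hypothetical stand-in for dhcpd's log_info()/log_error(). */
static int demo_log(const char *fmt, ...) PRINTF_LIKE(1, 2);
static int demo_log(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
    return n;
}

/* Number of conversion specifications printf would act on if s were used
 * as the format string. "%%" is a literal percent sign and is skipped. */
static int count_directives(const char *s)
{
    int n = 0;

    while ((s = strchr(s, '%')) != NULL) {
        if (s[1] == '%') {
            s += 2;
            continue;
        }
        n++;
        s++;
    }
    return n;
}

#ifdef SHOW_VULNERABLE
/* Pre-patch pattern: the data is the format, so each directive in it makes
 * vsnprintf read an argument that was never passed (undefined behaviour).
 * Shown for comparison only; never compiled into the demo. */
static int log_reply_vulnerable(const char *obuf)
{
    return demo_log(obuf);
}
#endif

/* Patched pattern: constant format, untrusted text passed as data. */
static int log_reply_fixed(const char *obuf)
{
    return demo_log("%s", obuf);
}

int main(void)
{
    printf("directives if used as a format: %d\n",
           count_directives(SAMPLE_OBUF));
    log_reply_fixed(SAMPLE_OBUF);
    printf("logged verbatim: %s\n", last_line);
    return 0;
}
```

Building with `-DSHOW_VULNERABLE -Wformat -Wformat-security` makes the compiler flag the pre-patch call, which is the check that catches this pattern before it ships.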


Impact

A remote attacker can execute arbitrary code on the vulnerable host with the privileges of the DHCP server (DHCPD), typically root.


Solution

Obtain a patch from your vendor.


If you cannot upgrade, apply the following patch.

--- common/print.c Tue Apr 9 13:41:17 2002
+++ common/print.c.patched Tue Apr 9 13:41:56 2002
@@ -1366,8 +1366,8 @@
s++ = '.';
s++ = 0;
if (errorp)
- log_error (obuf);
+ log_error ("%s",obuf);
else
- log_info (obuf);
+ log_info ("%s",obuf);
}

endif / NSUPDATE /**
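
Review bot: the two corrected calls in the `if (errorp)` / `else` branch cover this call site only, and nothing in the hunk prevents another `log_error` or `log_info` caller from passing a buffer as the format again. Suggest declaring both functions with a printf-style format attribute (GCC/Clang `__attribute__((format(printf, 1, 2)))`) and building with `-Wformat-security`, so that any non-literal format is reported at compile time, and checking the remaining `log_*` calls in the tree for the same `log_error (obuf)` pattern.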


Vendor Information


Alcatel

Notified: May 07, 2002 Updated: May 29, 2002

Status

Vulnerable

Vendor Statement

Following the recent CERT advisory on security vulnerabilities in the ISC DHCP implementation, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that only one customer-specific product was affected. Alcatel is working with that customer on a solution. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential ISC DHCP security vulnerabilities and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva

Updated: May 13, 2002

Status

Vulnerable

Vendor Statement

Please see http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483&idioma=en.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


FreeBSD

Notified: May 06, 2002 Updated: May 07, 2002

Status

Vulnerable

Vendor Statement

The FreeBSD base system does not ship with the ISC dhcpd server by default and is not affected by this vulnerability. The ISC dhcpd server is available in the FreeBSD Ports Collection; updates to the ISC dhcp port (ports/net/isc-dhcp3) are in progress and corrected packages will be available in the near future.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


ISC

Updated: May 08, 2002

Status

Vulnerable

Vendor Statement

A patch is included below, and we have a patched version of 3.0 available (3.0pl1) and a new release candidate for the next bug-fix release (3.0.1RC9). Both of these new releases are not vulnerable.

--- common/print.c Tue Apr 9 13:41:17 2002
+++ common/print.c.patched Tue Apr 9 13:41:56 2002
@@ -1366,8 +1366,8 @@
s++ = '.';
s++ = 0;
if (errorp)
- log_error (obuf);
+ log_error ("%s",obuf);
else
- log_info (obuf);
+ log_info ("%s",obuf);
}

endif / NSUPDATE /_


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Upgrade to a newer version or apply the following patch.

--- common/print.c Tue Apr 9 13:41:17 2002
+++ common/print.c.patched Tue Apr 9 13:41:56 2002
@@ -1366,8 +1366,8 @@
s++ = '.';
s++ = 0;
if (errorp)
- log_error (obuf);
+ log_error ("%s",obuf);
else
- log_info (obuf);
+ log_info ("%s",obuf);
}

endif / NSUPDATE /


NetBSD

Notified: May 06, 2002 Updated: May 08, 2002

Status

Vulnerable

Vendor Statement

NetBSD fixed this during a format string sweep performed on 11-Oct-2000. No released version of NetBSD is vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Apple Computer Inc.

Notified: May 06, 2002 Updated: May 14, 2002

Status

Not Vulnerable

Vendor Statement

Mac OS X does not contain this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Cray Inc.

Notified: May 06, 2002 Updated: May 13, 2002

Status

Not Vulnerable

Vendor Statement

Cray, Inc. is not vulnerable since dhcp is not supported under Unicos or Unicos/mk.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


F5 Networks

Notified: May 07, 2002 Updated: May 08, 2002

Status

Not Vulnerable

Vendor Statement

F5 Networks' products do not include any affected version of ISC's DHCPD, and are therefore not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Fujitsu Limited

Notified: May 06, 2002 Updated: May 14, 2002

Status

Not Vulnerable

Vendor Statement

Fujitsu's UXP/V operating system is not vulnerable. UXP/V does not support dhcp.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Hewlett-Packard Company

Notified: May 06, 2002 Updated: May 08, 2002

Status

Not Vulnerable

Vendor Statement

HP-UX is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


IBM

Notified: May 06, 2002 Updated: May 07, 2002

Status

Not Vulnerable

Vendor Statement

IBM's AIX operating system, all versions, is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Lotus Development Corporation

Notified: May 07, 2002 Updated: May 08, 2002

Status

Not Vulnerable

Vendor Statement

This issue does not affect Lotus products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Microsoft Corporation

Notified: May 07, 2002 Updated: May 08, 2002

Status

Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


NEC Corporation

Notified: May 06, 2002 Updated: May 14, 2002

Status

Not Vulnerable

Vendor Statement

sent on May 13, 2002

[Server Products]

  • EWS/UP 48 Series
    - is NOT vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Nortel Networks

Notified: May 07, 2002 Updated: May 09, 2002

Status

Not Vulnerable

Vendor Statement

Nortel Networks products are not impacted by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Red Hat Inc.

Notified: May 06, 2002 Updated: May 31, 2002

Status

Not Vulnerable

Vendor Statement

Red Hat Linux has never been shipped with version 3 of dhcpd and therefore none of our releases are vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


SGI

Notified: May 06, 2002 Updated: May 06, 2002

Status

Not Vulnerable

Vendor Statement

SGI is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Sun Microsystems Inc.

Notified: May 06, 2002 Updated: June 10, 2002

Status

Not Vulnerable

Vendor Statement

Sun is not vulnerable as Solaris does not ship the ISC DHCPD and does not use any of the ISC DHCPD source in its version of DHCPD.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Xerox

Notified: May 07, 2002 Updated: July 19, 2002

Status

Not Vulnerable

Vendor Statement

Xerox is aware of this advisory. A response is available from our web site: www.xerox.com/security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Status: Unknown

No statement is currently available from any of the following vendors regarding this vulnerability. None of them has provided us with any further information, and the CERT/CC has no additional comments at this time.

Vendor | Notified | Updated
---|---|---
3Com | May 07, 2002 | May 07, 2002
AT&T | May 07, 2002 | May 07, 2002
Avaya | May 07, 2002 | May 07, 2002
BSDI | May 06, 2002 | May 06, 2002
CacheFlow Inc. | May 07, 2002 | May 07, 2002
Check Point | May 14, 2002 | May 15, 2002
Cisco Systems Inc. | May 07, 2002 | May 07, 2002
Compaq Computer Corporation | May 06, 2002 | May 06, 2002
Computer Associates | May 07, 2002 | May 07, 2002
Data General | May 06, 2002 | May 06, 2002
Debian | May 06, 2002 | May 06, 2002
Dell | May 07, 2002 | May 07, 2002
Guardian Digital Inc. | May 06, 2002 | May 06, 2002
Honeywell | May 07, 2002 | May 07, 2002
Inktomi Corporation | May 07, 2002 | May 07, 2002
Lantronix | May 07, 2002 | May 07, 2002
Linksys | May 07, 2002 | May 07, 2002
MandrakeSoft | May 06, 2002 | May 06, 2002
Marconi | May 07, 2002 | May 07, 2002
Novell | May 14, 2002 | May 15, 2002
OpenBSD | May 06, 2002 | May 06, 2002
Oracle | May 07, 2002 | May 07, 2002
Sequent | May 06, 2002 | May 06, 2002
Sony Corporation | May 06, 2002 | May 06, 2002
The SCO Group (SCO Linux) | May 06, 2002 | May 06, 2002
The SCO Group (SCO UnixWare) | May 06, 2002 | May 06, 2002
Unisys | May 06, 2002 | May 06, 2002
Verilink | May 07, 2002 | May 07, 2002
Wind River Systems Inc. | May 07, 2002 | May 07, 2002


CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | | N/A

References

  • <http://www.ngsec.com/docs/advisories/NGSEC-2002-2.txt>
  • <http://www.isc.org/products/DHCP/>
  • <http://www.securityfocus.com/bid/4701>

Acknowledgements

The CERT Coordination Center acknowledges Next Generation Security Technologies as the discoverer of this vulnerability and thanks them and The Internet Software Consortium (ISC) for their cooperation, reporting and analysis of this vulnerability.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: | CVE-2002-0702
---|---
CERT Advisory: | CA-2002-12
Severity Metric: | 46.17
Date Public: | 2002-05-08
Date First Published: | 2002-05-08
Date Last Updated: | 2003-01-13 17:32 UTC
Document Revision: | 47