Lucene search

[email protected]CVE-2003-0026

HistoryJan 17, 2003 - 5:00 a.m.

CVE-2003-0026

2003-01-1705:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0026

buffer overflow

minires library

remote code execution

isc dhcpd 3.0

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.135 Low

EPSS

Percentile

95.6%

JSON

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

Affected configurations

NVD

Node

iscdhcpdMatch3.0

iscdhcpdMatch3.0.1rc1

iscdhcpdMatch3.0.1rc2

iscdhcpdMatch3.0.1rc3

iscdhcpdMatch3.0.1rc4

iscdhcpdMatch3.0.1rc5

iscdhcpdMatch3.0.1rc6

iscdhcpdMatch3.0.1rc7

iscdhcpdMatch3.0.1rc8

CPENameOperatorVersion
isc:dhcpdisc dhcpdeq3.0
isc:dhcpdisc dhcpdeq3.0.1

CPE	Name	Operator	Version
isc:dhcpd	isc dhcpd	eq	3.0
isc:dhcpd	isc dhcpd	eq	3.0.1

References

archives.neohapsis.com/archives/bugtraq/2003-01/0250.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562

www.cert.org/advisories/CA-2003-01.html

www.ciac.org/ciac/bulletins/n-031.shtml

www.debian.org/security/2003/dsa-231

www.kb.cert.org/vuls/id/284857

www.mandriva.com/security/advisories?name=MDKSA-2003:007

www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html

www.redhat.com/support/errata/RHSA-2003-011.html

www.securityfocus.com/bid/6627

www.securitytracker.com/id?1005924

www.suse.com/de/security/2003_006_dhcp.html

exchange.xforce.ibmcloud.com/vulnerabilities/11073

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.135 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2003-0026

nessus2 openvas2 securityvulns1 cert1 debian2 nvd1 suse1 osv1 cvelist1