remote system compromise in dhcp

2003-01-20T16:50:08
ID SUSE-SA:2003:0006
Type suse
Reporter Suse
Modified 2003-01-20T16:50:08

Description

The ISC (Internet Software Consortium) dhcp package is an imple- mentation of the "Dynamic Host Configuration Protocol" (DHCP). An internal source code audit done by ISC revealed several buffer overflows in the code which is responsible to handle dynamic DNS requests. These bugs allow an attacker to gain remote access to the dhcp server if the dynamic DNS feature is enabled. Dynamic DNS is not enabled by default on SuSE Linux.