remote system compromise in dhcp

ID SUSE-SA:2003:0006
Type suse
Reporter Suse
Modified 2003-01-20T16:50:08


The ISC (Internet Software Consortium) dhcp package is an imple- mentation of the "Dynamic Host Configuration Protocol" (DHCP). An internal source code audit done by ISC revealed several buffer overflows in the code which is responsible to handle dynamic DNS requests. These bugs allow an attacker to gain remote access to the dhcp server if the dynamic DNS feature is enabled. Dynamic DNS is not enabled by default on SuSE Linux.