remote system compromise in dhcp/dhcp-server

ID SUSE-SA:2004:019
Type suse
Reporter Suse
Modified 2004-06-23T07:29:17


The Dynamic Host Configuration Protocol (DHCP) server is used to configure clients that dynamically connect to a network (WLAN hotspots, customer networks, ...). The CERT informed us about a buffer overflow in the logging code of the server that can be triggered by a malicious client by supplying multiple hostnames. The hostname strings are concatenated and copied in a fixed size buffer without checking the buffer bounds. Other possible buffer overflow conditions exist in using vsprintf() instead of vsnprintf(). This behavior can be configured during compile- time. The dhcp/dhcp-server package coming with SUSE LINUX used the vulnerable vsprintf() function.