Test ID:	1.3.6.1.4.1.25623.1.0.11312
Category:	Gain root remotely
Title:	DHCP server overflow / format string bug
Summary:	NOSUMMARY
Description:	Description: The remote host is running a DHCP server. If the remote server is ISC-DHCPd, make sure you are running the latest version, as several flaws affect older versions and may allow an attacker to gain root on this host *** Note that Nessus did not check for the presence of the *** flaws, so this might be a false positive See also : http://www.cert.org/advisories/CA-2003-01.html http://www.cert.org/advisories/CA-2002-12.html Risk factor : High
Cross-Ref:	BugTraq ID: 4701 BugTraq ID: 6627 BugTraq ID: 6628 BugTraq ID: 11591 Common Vulnerability Exposure (CVE) ID: CVE-2003-0026 http://www.securityfocus.com/bid/6627 Bugtraq: 20030122 [securityslackware.com: [slackware-security] New DHCP packages available] (Google Search) http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html http://www.cert.org/advisories/CA-2003-01.html CERT/CC vulnerability note: VU#284857 http://www.kb.cert.org/vuls/id/284857 Computer Incident Advisory Center Bulletin: N-031 http://www.ciac.org/ciac/bulletins/n-031.shtml Conectiva Linux advisory: CLA-2003:562 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562 Debian Security Information: DSA-231 (Google Search) http://www.debian.org/security/2003/dsa-231 http://www.mandriva.com/security/advisories?name=MDKSA-2003:007 http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html http://www.redhat.com/support/errata/RHSA-2003-011.html http://www.securitytracker.com/id?1005924 SuSE Security Announcement: SuSE-SA:2003:0006 (Google Search) http://www.suse.com/de/security/2003_006_dhcp.html SuSE Security Announcement: SuSE-SA:2003:006 (Google Search) XForce ISS Database: dhcpd-minires-multiple-bo(11073) https://exchange.xforce.ibmcloud.com/vulnerabilities/11073 Common Vulnerability Exposure (CVE) ID: CVE-2002-0702 http://www.securityfocus.com/bid/4701 Bugtraq: 20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise (Google Search) http://marc.info/?l=bugtraq&m=102089498828206&w=2 Caldera Security Advisory: CSSA-2002-028.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txt http://www.cert.org/advisories/CA-2002-12.html CERT/CC vulnerability note: VU#854315 http://www.kb.cert.org/vuls/id/854315 Conectiva Linux advisory: CLA-2002:483 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.php SuSE Security Announcement: SuSE-SA:2002:019 (Google Search) http://www.novell.com/linux/security/advisories/2002_19_dhcp.html http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.html http://www.iss.net/security_center/static/9039.php Common Vulnerability Exposure (CVE) ID: CVE-2003-0039 http://www.securityfocus.com/bid/6628 Bugtraq: 20030115 DoS against DHCP infrastructure with isc dhcrelay (Google Search) http://marc.info/?l=bugtraq&m=104310927813830&w=2 Bugtraq: 20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd) (Google Search) http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html CERT/CC vulnerability note: VU#149953 http://www.kb.cert.org/vuls/id/149953 Conectiva Linux advisory: CLSA-2003:616 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616 Debian Security Information: DSA-245 (Google Search) http://www.debian.org/security/2003/dsa-245 http://www.redhat.com/support/errata/RHSA-2003-034.html TurboLinux Advisory: TLSA-2003-26 http://cc.turbolinux.com/security/TLSA-2003-26.txt XForce ISS Database: dhcp-dhcrelay-dos(11187) https://exchange.xforce.ibmcloud.com/vulnerabilities/11187
Copyright	This script is Copyright (C) 2003 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.