Test ID:	1.3.6.1.4.1.25623.1.0.54199
Category:	Fedora Local Security Checks
Title:	Fedora Legacy Security Advisory FLSA-2005:152835
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory FLSA-2005:152835. infamous41md noticed that the log functions in dhcp 2.x pass parameters to a function that uses format strings. One use seems to be exploitable in connection with a malicious DNS server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1006 to this issue. Users of dhcp are advised to upgrade to this errata package, which contains backported patches correcting this issue. Affected platforms: Redhat 7.3 Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2005:152835 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 11591 Common Vulnerability Exposure (CVE) ID: CVE-2004-1006 http://www.securityfocus.com/bid/11591 Bugtraq: 20041025 debian dhcpd, old format string bug (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-10/0287.html Bugtraq: 20041105 Re: debian dhcpd, old format string bug (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-11/0037.html http://marc.info/?l=bugtraq&m=109968710822449&w=2 CERT/CC vulnerability note: VU#448384 http://www.kb.cert.org/vuls/id/448384 Debian Security Information: DSA-584 (Google Search) http://www.debian.org/security/2004/dsa-584 http://www.redhat.com/support/errata/RHSA-2005-212.html XForce ISS Database: dhcp-log-format-string(17963) https://exchange.xforce.ibmcloud.com/vulnerabilities/17963
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.