CVE-2004-0461

CVSS 10.0 - HIGH

Description

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

Affected Products

Vendor	Product	Version
infoblox	dns_one_appliance	`2.3.1_r5`
infoblox	dns_one_appliance	`2.4.0.8`
infoblox	dns_one_appliance	`2.4.0.8a`
isc	dhcpd	`3.0.1`
isc	dhcpd	`3.0.1`
suse	suse_email_server	`iii`
suse	suse_linux_admin-cd_for_firewall	`All versions`
suse	suse_linux_connectivity_server	`All versions`
suse	suse_linux_database_server	`All versions`
suse	suse_linux_firewall_cd	`All versions`
suse	suse_linux_office_server	`All versions`
mandrakesoft	mandrake_linux	`9.0`
mandrakesoft	mandrake_linux	`9.1`
mandrakesoft	mandrake_linux	`9.1`
mandrakesoft	mandrake_linux	`9.2`
mandrakesoft	mandrake_linux	`9.2`
mandrakesoft	mandrake_linux	`10.0`
mandrakesoft	mandrake_linux	`10.0`
redhat	fedora_core	`core_2.0`
suse	suse_linux	`7`
suse	suse_linux	`8`
suse	suse_linux	`8.0`
suse	suse_linux	`8.0`
suse	suse_linux	`8.1`
suse	suse_linux	`8.2`
suse	suse_linux	`9.0`
suse	suse_linux	`9.0`
suse	suse_linux	`9.1`