A remote overflow exists in ISC DHCP server. The DHCP server fails to check the boundary length from a DHCP request with multiple hostname query options set. The logging function uses a temporary 1024 byte buffer for storage and this can result in a buffer overflow. With a specially crafted DHCP request, an attacker can cause supplied code to execute resulting in a loss of integrity.

Upgrade to version 3.0.1rc14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Secunia Advisory ID: 11923 11927 11929 11933 12031
• CVE ID: 2004-0460 (see also: NVD)
• CERT VU: 317350
• SCIP VulDB ID: 723
• Related OSVDB ID: 7238
• Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108795911203342&w=2
• Vendor Specific Advisory URL: http://www.arubanetworks.com/support/alerts/vu317350.asc
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2004-06-004&viewMode=view [ Auth Req'd ]
• Vendor URL: http://www.isc.org/index.pl?/sw/dhcp/dhcp_dev.php
• Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:061
  http://www.suse.de/de/security/2004_19_dhcp_server.html
• US-CERT Cyber Security Alert: TA04-174A

• Gregory Duchemin - c3rb3rsympatico.ca -