Vulnerability Name:

CVE-2004-0461 (CCN-16476)

Assigned:2004-06-22
Published:2004-06-22
Updated:2017-07-11
Summary:The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Jun 28 2004 - 00:23:53 CDT
ISC DHCP overflows

Source: MITRE
Type: CNA
CVE-2004-0461

Source: BUGTRAQ
Type: UNKNOWN
20040622 DHCP Vuln // no code 0day //

Source: BUGTRAQ
Type: UNKNOWN
20040628 ISC DHCP overflows

Source: BUGTRAQ
Type: UNKNOWN
20040708 [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)

Source: CCN
Type: SA23265
XEROX WorkCentre Products Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
23265

Source: CCN
Type: CIAC Information Bulletin 0-177
Multiple Vulnerabilities in ISC DHCP 3

Source: CCN
Type: Internet Software Consortium Web site
Internet Software Consortium - DHCP

Source: CCN
Type: US-CERT VU#654390
ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions

Source: CERT-VN
Type: US Government Resource
VU#654390

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:061

Source: SUSE
Type: UNKNOWN
SuSE-SA:2004:019

Source: CCN
Type: OpenPKG-SA-2004.031
DHCPd

Source: CCN
Type: OSVDB ID: 7238
ISC DHCP vsnprintf Overflow

Source: BID
Type: Patch, Vendor Advisory
10591

Source: CCN
Type: BID-10591
ISC DHCPD VSPRINTF Buffer Overflow Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA04-174A
Multiple Vulnerabilities in ISC DHCP 3

Source: CERT
Type: Third Party Advisory, US Government Resource
TA04-174A

Source: CONFIRM
Type: UNKNOWN
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf

Source: XF
Type: UNKNOWN
dhcp-c-include-bo(16476)

Source: XF
Type: UNKNOWN
dhcp-c-include-bo(16476)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:infoblox:dns_one_appliance:2.3.1_r5:*:*:*:*:*:*:*
  • OR cpe:/h:infoblox:dns_one_appliance:2.4.0.8:*:*:*:*:*:*:*
  • OR cpe:/h:infoblox:dns_one_appliance:2.4.0.8a:*:*:*:*:*:*:*
  • AND
  • cpe:/a:isc:dhcpd:3.0.1:rc12:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc13:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_admin-cd_for_firewall:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_firewall_cd:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:isc:dhcpd:3.0.1:rc12:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcpd:3.0.1:rc13:*:*:*:*:*:*
  • AND
  • cpe:/o:digital:ultrix:*:*:*:*:*:*:*:*
  • OR cpe:/o:next:nextstep:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:cygwin:cygwin:1.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040461
    V
    		CVE-2004-0461
    2015-11-16
    BACK
    infoblox dns one appliance 2.3.1_r5
    infoblox dns one appliance 2.4.0.8
    infoblox dns one appliance 2.4.0.8a
    isc dhcpd 3.0.1 rc12
    isc dhcpd 3.0.1 rc13
    suse suse email server iii
    suse suse linux admin-cd for firewall *
    suse suse linux connectivity server *
    suse suse linux database server *
    suse suse linux firewall cd *
    suse suse linux office server *
    mandrakesoft mandrake linux 9.0
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.0
    redhat fedora core core_2.0
    suse suse linux 7
    suse suse linux 8
    suse suse linux 8.0
    suse suse linux 8.0
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    isc dhcpd 3.0.1 rc12
    isc dhcpd 3.0.1 rc13
    digital ultrix *
    next nextstep *
    sun sunos 4.0
    sun sunos 5.5
    suse suse linux 8.0
    openpkg openpkg current
    suse suse linux 8.1
    suse suse linux 8.2
    openpkg openpkg 1.3
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    cygwin cygwin 1.7.10
    openpkg openpkg 2.0
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0