CVE-2003-0026: Buffer Overflow
First published: Thu Jan 16 2003(Updated: )
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC DHCP | =3.0 | |
| ISC DHCP | =3.0.1-rc1 | |
| ISC DHCP | =3.0.1-rc2 | |
| ISC DHCP | =3.0.1-rc3 | |
| ISC DHCP | =3.0.1-rc4 | |
| ISC DHCP | =3.0.1-rc5 | |
| ISC DHCP | =3.0.1-rc6 | |
| ISC DHCP | =3.0.1-rc7 | |
| ISC DHCP | =3.0.1-rc8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cert.org/advisories/CA-2003-01.html
- http://www.kb.cert.org/vuls/id/284857
- http://www.redhat.com/support/errata/RHSA-2003-011.html
- http://www.debian.org/security/2003/dsa-231
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html
- http://www.ciac.org/ciac/bulletins/n-031.shtml
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:007
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html
- http://www.securityfocus.com/bid/6627
- http://www.securitytracker.com/id?1005924
- http://www.suse.com/de/security/2003_006_dhcp.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11073
Frequently Asked Questions
What is the severity of CVE-2003-0026?
CVE-2003-0026 is classified as a critical vulnerability due to the potential for remote code execution.
What kind of attack is associated with CVE-2003-0026?
CVE-2003-0026 allows remote attackers to exploit stack-based buffer overflows via malicious DHCP messages.
How can I fix CVE-2003-0026?
To fix CVE-2003-0026, it is essential to upgrade to a patched version of ISC DHCPD that addresses this vulnerability.
Which versions of ISC DHCPD are affected by CVE-2003-0026?
CVE-2003-0026 affects ISC DHCPD versions 3.0 through 3.0.1RC10.
What is the impact of exploiting CVE-2003-0026?
Exploiting CVE-2003-0026 could allow attackers to execute arbitrary code on the affected system.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/isc
- canonical/isc dhcp
- version/isc dhcp/3.0
- version/isc dhcp/3.0.1-rc1
- version/isc dhcp/3.0.1-rc2
- version/isc dhcp/3.0.1-rc3
- version/isc dhcp/3.0.1-rc4
- version/isc dhcp/3.0.1-rc5
- version/isc dhcp/3.0.1-rc6
- version/isc dhcp/3.0.1-rc7
- version/isc dhcp/3.0.1-rc8