What is the severity of CVE-2004-1006?

CVE-2004-1006 is considered a critical vulnerability due to its potential to allow remote code execution.

How do I fix CVE-2004-1006?

To fix CVE-2004-1006, upgrade to a patched version of ISC DHCP Server that addresses the format string vulnerability.

Which versions of ISC DHCP Server are affected by CVE-2004-1006?

CVE-2004-1006 affects ISC DHCP Server versions 2.0.pl5 and 3.0, as well as various 3.0 beta and release candidates.

What is the nature of the vulnerability in CVE-2004-1006?

CVE-2004-1006 is a format string vulnerability in the log functions of the dhcpd allowing arbitrary code execution.

Can CVE-2004-1006 be exploited remotely?

Yes, CVE-2004-1006 can be exploited remotely through specially crafted DNS messages sent to vulnerable DHCP servers.

Vulnerability/
CVE-2004-1006

critical

CWE

NVD-CWE-Other

19/11/2004

8/8/2024

CVE-2004-1006

First published: Fri Nov 19 2004(Updated: )

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ISC DHCP Server	=2.0.pl5
ISC DHCP Server	=3.0
ISC DHCP Server	=3.0-rc12
ISC DHCP Server	=3.0-rc4
ISC DHCP Server	=3.0.1-rc1
ISC DHCP Server	=3.0.1-rc10
ISC DHCP Server	=3.0.1-rc11
ISC DHCP Server	=3.0.1-rc12
ISC DHCP Server	=3.0.1-rc13
ISC DHCP Server	=3.0.1-rc14
ISC DHCP Server	=3.0.1-rc2
ISC DHCP Server	=3.0.1-rc3
ISC DHCP Server	=3.0.1-rc4
ISC DHCP Server	=3.0.1-rc5
ISC DHCP Server	=3.0.1-rc6
ISC DHCP Server	=3.0.1-rc7
ISC DHCP Server	=3.0.1-rc8
ISC DHCP Server	=3.0.1-rc9
ISC DHCP Server	=3.0_b2pl9
ISC DHCP Server	=3.0_b2pl23
ISC DHCP Server	=3.0_pl1
ISC DHCP Server	=3.0_pl2

Remedy

http://www.debian.org/security/2004/dsa-584

Remedy

http://www.securityfocus.com/bid/11591

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-1006?
CVE-2004-1006 is considered a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2004-1006?
To fix CVE-2004-1006, upgrade to a patched version of ISC DHCP Server that addresses the format string vulnerability.
Which versions of ISC DHCP Server are affected by CVE-2004-1006?
CVE-2004-1006 affects ISC DHCP Server versions 2.0.pl5 and 3.0, as well as various 3.0 beta and release candidates.
What is the nature of the vulnerability in CVE-2004-1006?
CVE-2004-1006 is a format string vulnerability in the log functions of the dhcpd allowing arbitrary code execution.
Can CVE-2004-1006 be exploited remotely?
Yes, CVE-2004-1006 can be exploited remotely through specially crafted DNS messages sent to vulnerable DHCP servers.

agent/references
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/isc
canonical/isc dhcp server
version/isc dhcp server/2.0.pl5
version/isc dhcp server/3.0
version/isc dhcp server/3.0-rc12
version/isc dhcp server/3.0-rc4
version/isc dhcp server/3.0.1-rc1
version/isc dhcp server/3.0.1-rc10
version/isc dhcp server/3.0.1-rc11
version/isc dhcp server/3.0.1-rc12
version/isc dhcp server/3.0.1-rc13
version/isc dhcp server/3.0.1-rc14
version/isc dhcp server/3.0.1-rc2
version/isc dhcp server/3.0.1-rc3
version/isc dhcp server/3.0.1-rc4
version/isc dhcp server/3.0.1-rc5
version/isc dhcp server/3.0.1-rc6
version/isc dhcp server/3.0.1-rc7
version/isc dhcp server/3.0.1-rc8
version/isc dhcp server/3.0.1-rc9
version/isc dhcp server/3.0_b2pl9
version/isc dhcp server/3.0_b2pl23
version/isc dhcp server/3.0_pl1
version/isc dhcp server/3.0_pl2

Frequently Asked Questions

What is the severity of CVE-2004-1006?
CVE-2004-1006 is considered a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2004-1006?
To fix CVE-2004-1006, upgrade to a patched version of ISC DHCP Server that addresses the format string vulnerability.
Which versions of ISC DHCP Server are affected by CVE-2004-1006?
CVE-2004-1006 affects ISC DHCP Server versions 2.0.pl5 and 3.0, as well as various 3.0 beta and release candidates.
What is the nature of the vulnerability in CVE-2004-1006?
CVE-2004-1006 is a format string vulnerability in the log functions of the dhcpd allowing arbitrary code execution.
Can CVE-2004-1006 be exploited remotely?
Yes, CVE-2004-1006 can be exploited remotely through specially crafted DNS messages sent to vulnerable DHCP servers.

CVE-2004-1006

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-1006?

How do I fix CVE-2004-1006?

Which versions of ISC DHCP Server are affected by CVE-2004-1006?

What is the nature of the vulnerability in CVE-2004-1006?

Can CVE-2004-1006 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2004-1006?

How do I fix CVE-2004-1006?

Which versions of ISC DHCP Server are affected by CVE-2004-1006?

What is the nature of the vulnerability in CVE-2004-1006?

Can CVE-2004-1006 be exploited remotely?