CVE-2003-0026
Summary
| CVE | CVE-2003-0026 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2003-01-17 05:00:00 UTC |
| Updated | 2017-07-11 01:29:00 UTC |
| Description | Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Isc | Dhcpd | 3.0 | All | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc1 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc2 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc3 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc4 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc5 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc6 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc7 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc8 | All | All |
| Application | Isc | Dhcpd | 3.0 | All | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc1 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc2 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc3 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc4 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc5 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc6 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc7 | All | All |
| Application | Isc | Dhcpd | 3.0.1 | rc8 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Debian -- Security Information -- DSA-231-1 dhcp3 | DEBIAN | www.debian.org | Patch, Vendor Advisory |
| ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | |
| Neohapsis Archives - Bugtraq - [securityslackware.com: [slackware-security] New DHCP packages available] - From whitevampire_at_mindless.com | BUGTRAQ | archives.neohapsis.com | |
| SecurityTracker.com Archives - ISC DHCPD Minires Library Buffer Overflows Let Remote Users Execute Arbitrary Code | SECTRACK | www.securitytracker.com | |
| Security Announcement | SUSE | www.suse.com | |
| CERT Advisory CA-2003-01 Buffer Overflows in ISC DHCPD Minires Library | CERT | www.cert.org | Patch, Third Party Advisory, US Government Resource |
| OpenPKG Corporation: Security: Security Advisories | OPENPKG | www.openpkg.com | |
| N-031: Buffer Overflows in ISC DHCPD Minires Library | CIAC | www.ciac.org | |
| Advisories - Mandriva | MANDRAKE | www.mandriva.com | |
| Home - Conectiva | CONECTIVA | distro.conectiva.com.br | |
| CERT/CC Vulnerability Note VU#284857 | CERT-VN | www.kb.cert.org | Patch, Third Party Advisory, US Government Resource |
| redhat.com | Red Hat Support | REDHAT | www.redhat.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.