Signature Detail

DHCP: ISC DHCPDv3 Format String Exploit

This signature detects attempts to exploit the format string overflow vulnerability in a ISC DHCPDv3 server. A successful attacker can gain access to execute code on the system with the privileges of DHCPD, which is normally root.

Extended Description

The ISC DHCPD (Dynamic Host Configuration Protocol) is a collection of software implementing the DHCP protocol. It is available for a range of operating systems, including BSD and Solaris. A remote format string vulnerability has been reported in multiple versions of the DHCPD server. User supplied data is logged in an unsafe fashion. Exploitation of this vulnerability may result in arbitrary code being executed by the DHCP server, which generally runs as the root user. This vulnerability is dependant on the NSUPDATE configuration option being enabled. NSUPDATE is enabled by default in versions 3.0 and later of the DHCPD server.

Affected Products

• ISC DHCPD 2.0.pl5
• ISC DHCPD 3.0.0
• ISC DHCPD 3.0.1 Rc1
• ISC DHCPD 3.0.1 Rc2
• ISC DHCPD 3.0.1 Rc3
• ISC DHCPD 3.0.1 Rc4
• ISC DHCPD 3.0.1 Rc5
• ISC DHCPD 3.0.1 Rc6
• ISC DHCPD 3.0.1 Rc7
• ISC DHCPD 3.0.1 Rc8

References

• BugTraq: 4701
• CVE: CVE-2002-0702
• URL: http://www.iss.net/security_center/static/9039.php
• URL: http://www.cert.org/advisories/CA-2002-12.html
• URL: http://www.kb.cert.org/vuls/id/854315