返回 CVE 浏览器

CVE-2002-0702

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1050%

EPSS Percentile25.66th

Published2002年7月26日

Last Modified2026年4月16日

Vulnerability Description

Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.

Affected Platforms (CPE)

📦

Isc

Dhcpd

= 3.0

📦

Isc

Dhcpd

= 3.0.1

📦

Isc

Dhcpd

= 3.0.1

📦

Isc

Dhcpd

= 3.0.1

📦

Isc

Dhcpd

= 3.0.1

📦

Isc

Dhcpd

= 3.0.1

📦

Isc

Dhcpd

= 3.0.1

📦

Isc

Dhcpd

= 3.0.1

📦

Isc

Dhcpd

= 3.0.1

References & Advisories

🔗 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txt

🔗 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.html

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483

🔗 http://marc.info/?l=bugtraq&m=102089498828206&w=2

🔗 http://www.cert.org/advisories/CA-2002-12.html

🔗 http://www.iss.net/security_center/static/9039.php

🔗 http://www.kb.cert.org/vuls/id/854315

🔗 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.php

相关漏洞威胁

CVE-2004-046010.0

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers...

CVE-2004-046110.0

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf func...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2007-006210.0

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before ...