PT-2004-1583 · Isc · Isc Dhcp

David Hankins +2 · Published 2004-06-24 · Updated 2017-07-11 · CVE-2004-0461

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ISC DHCP versions 3.0.1rc12 through 3.0.1rc13

Description

The issue arises when the DHCP daemon (DHCPD) for ISC DHCP is compiled in an environment that lacks the vsnprintf function. In that case the C include files define vsnprintf to use the less safe vsprintf function. This can result in buffer overflows, enabling a denial of service (server crash) and possibly allowing the execution of arbitrary code.

Recommendations

For versions 3.0.1rc12 and 3.0.1rc13, consider compiling the DHCP daemon in an environment that provides the vsnprintf function to mitigate the risk of buffer overflow vulnerabilities. As a temporary workaround, restrict access to the DHCP service to minimize the risk of exploitation.
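
The fallback named in the description, shown as an added example that is not code from ISC DHCP or from this advisory: the macro illustrates how a vsnprintf-to-vsprintf define drops the size argument, and the two functions show how to measure what an unbounded write would need and how a bounded formatter reports truncation. The names `bytes_needed` and `log_format`, the buffer sizes and the input are assumptions constructed for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Illustrative shape of the unsafe fallback (not copied from ISC DHCP):
 * the size argument is silently discarded. Never compiled here. */
#if 0
#define vsnprintf(buf, size, fmt, list) vsprintf(buf, fmt, list)
#endif

/* Bytes (including the NUL) that an unbounded vsprintf would write. */
static size_t bytes_needed(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);   /* C99: returns required length */
    va_end(ap);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded formatter: 0 if the output fit, 1 if truncated, -1 on error.
 * dst is always NUL-terminated when cap > 0. */
static int log_format(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    if (cap == 0) return -1;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= cap ? 1 : 0;
}

int main(void)
{
    char buf[16];                  /* constructed small destination buffer */
    char input[64];                /* constructed oversized input */
    memset(input, 'A', sizeof input - 1);
    input[sizeof input - 1] = '\0';

    printf("unbounded write needs %zu bytes, buffer holds %zu\n",
           bytes_needed("value=%s", input), sizeof buf);
    int rc = log_format(buf, sizeof buf, "value=%s", input);
    printf("bounded write: rc=%d, stored length=%zu\n", rc, strlen(buf));
    return 0;
}
```

A build that relies on the real vsnprintf should treat a truncation result as a loggable event rather than ignore it.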

Fix


Related identifiers

CVE-2004-0461

Affected products

Isc Dhcp