Jacques A. Vidrine

**Name of the Vulnerable Software and Affected Versions** ISC DHCPD versions 3.0 through 3.0.1RC10 dhclient version 3.0pl1 dhcp-devel version 3.0pl1 dhcp version 3.0pl1 **Description** The issue involves multiple stack-based buffer overflows in the error handling routines of the minires library used in the NSUPDATE capability for ISC DHCPD. This allows remote attackers to execute arbitrary code via a DHCP message containing a long hostname. The vulnerability can lead to disruption of confidentiality, integrity, and availability of protected information and can be exploited remotely. **Recommendations** For ISC DHCPD versions 3.0 through 3.0.1RC10, update to a version that fixes the buffer overflow issue in the minires library. For dhclient version 3.0pl1, consider disabling the vulnerable functionality until a patch is available. For dhcp-devel version 3.0pl1, restrict access to the vulnerable components to minimize the risk of exploitation. For dhcp version 3.0pl1, avoid using the vulnerable package until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.