CVE-2002-0702

Name of the Vulnerable Software and Affected Versions ISC DHCP daemon versions 3 to 3.0.1rc8

Description The issue concerns format string vulnerabilities in the logging routines for dynamic DNS code of the ISC DHCP daemon. This vulnerability can be exploited by remote malicious DNS servers when the NSUPDATE option is enabled, allowing them to execute arbitrary code via format strings in a DNS server response.

Recommendations For ISC DHCP daemon versions 3 to 3.0.1rc8, consider disabling the NSUPDATE option as a temporary workaround until a patch is available. Restrict access to the dynamic DNS code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.