J-Security Center

Title: Caldera DHCP Package Format String Vulnerability

Severity: HIGH

Description:

DHCP is the Dynamic Host Configuration Protocol, an open source, freely available, RFC-specified networking protocol for host management. It is included with most versions of the UNIX operating system.

A problem with the Caldera implementation could allow a format string attack. The problem affects both the DHCP daemon and the DHCP client, and involves how strings are formatted when they pass through the error logging code. Custom-crafted packets sent to either the daemon or the client can trigger an error and cause the formatted strings to be written to a static buffer. The buffer is then filled and overflowed, overwriting variables on the stack and potentially executing arbitrary code. This makes it possible for a malicious user to execute arbitrary code and potentially gain access and elevated privileges.
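The class of bug described above, shown as an added example that is not taken from the Caldera DHCP source: an error logger that writes to a static buffer, with the unsafe pattern left as a comment and a hardened form beside it. The names `log_buf`, `log_error`, `log_bad_option` and `last_log` are hypothetical, and the inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64            /* small on purpose, to show truncation */
static char log_buf[LOG_BUF_SIZE]; /* static buffer, as in the advisory */

/*
 * Unsafe pattern (comment only, never compiled; hypothetical names):
 *
 *     void log_error_bad(const char *msg) { sprintf(log_buf, msg); }
 *     log_error_bad(field_from_packet);
 *
 * Two defects: packet data is interpreted as the format string, and the
 * write into log_buf has no length limit.
 */

/* Hardened logger: bounded write; returns 1 if the message was truncated. */
static int log_error(const char *fmt, ...)
    __attribute__((format(printf, 1, 2)));  /* compiler checks call sites */

static int log_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(log_buf, sizeof log_buf, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= sizeof log_buf;
}

/* Caller: the format is a literal; packet data is only ever an argument. */
int log_bad_option(const char *field_from_packet)
{
    return log_error("bad option value: %s", field_from_packet);
}

const char *last_log(void) { return log_buf; }

int main(void)
{
    /* Constructed inputs standing in for a field carried in a packet. */
    char longv[200];
    memset(longv, 'A', sizeof longv - 1);
    longv[sizeof longv - 1] = '\0';
    printf("%d [%s]\n", log_bad_option("%x.%x.%n"), last_log());
    printf("%d [%s]\n", log_bad_option(longv), last_log());
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags call sites that pass a non-literal string as the format, which is how this pattern is usually found in review.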

Affected Products:

  • Caldera OpenLinux Desktop 2.3.0
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.1
