DHCP: Format String in FQDN Option
This protocol anomaly is a DHCP option (FQDN or CLIENT_FQDN) with a format string in it. Attackers can gain a shell with the DHCP server user permissions usually root).
Extended Description
The ISC DHCPD (Dynamic Host Configuration Protocol) is a collection of software implementing the DHCP protocol. It is available for a range of operating systems, including BSD and Solaris. A remote format string vulnerability has been reported in multiple versions of the DHCPD server. User supplied data is logged in an unsafe fashion. Exploitation of this vulnerability may result in arbitrary code being executed by the DHCP server, which generally runs as the root user. This vulnerability is dependant on the NSUPDATE configuration option being enabled. NSUPDATE is enabled by default in versions 3.0 and later of the DHCPD server.
Affected Products
Isc dhcpd
Short Name
DHCP:SERVER:FMT-STR
Severity
Minor
Recommended
False
Recommended Action
None
Category
DHCP
Keywords
CVE-2002-0702 DHCP FORMAT STRING bid:4701
Release Date
01/27/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Isc
CVSS Score
10.0