CVE-2002-0702
published 2002-07-26CVE-2002-0702: Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option…
PriorityP349critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
31.14%
98.0th percentile
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | dhcpd | — | — |
| isc | dhcpd | — | — |
| isc | dhcpd | — | — |
| isc | dhcpd | — | — |
| isc | dhcpd | — | — |
| isc | dhcpd | — | — |
| isc | dhcpd | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-crjc-v7fx-459m: Format string vulnerabilities in the logging routines for dynamic DNS code (print
ghsa_unreviewed·2022-05-03
CVE-2002-0702 [HIGH] GHSA-crjc-v7fx-459m: Format string vulnerabilities in the logging routines for dynamic DNS code (print
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
GHSA
GHSA-3f5j-qwg9-83wr: Format string vulnerability in the log functions in dhcpd for dhcp 2
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-1006 [CRITICAL] GHSA-3f5j-qwg9-83wr: Format string vulnerability in the log functions in dhcpd for dhcp 2
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
Red Hat
security flaw
vendor_redhat·2004-11-02·CVSS 10.0
CVE-2004-1006 [CRITICAL] security flaw
security flaw
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
No detection rules found.
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txthttp://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483http://marc.info/?l=bugtraq&m=102089498828206&w=2http://www.cert.org/advisories/CA-2002-12.htmlhttp://www.iss.net/security_center/static/9039.phphttp://www.kb.cert.org/vuls/id/854315http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.phphttp://www.novell.com/linux/security/advisories/2002_19_dhcp.htmlhttp://www.securityfocus.com/bid/4701ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txthttp://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483http://marc.info/?l=bugtraq&m=102089498828206&w=2http://www.cert.org/advisories/CA-2002-12.htmlhttp://www.iss.net/security_center/static/9039.phphttp://www.kb.cert.org/vuls/id/854315http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.phphttp://www.novell.com/linux/security/advisories/2002_19_dhcp.htmlhttp://www.securityfocus.com/bid/4701
2002-07-26
Published